Merge pull request #423 from 3dwardch3ng/infra/renovate

Infra/renovate
2024-07-10 19:26:20 +10:00
committed by GitHub
7 changed files with 238 additions and 1 deletions


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: renovate


@@ -4,7 +4,7 @@ spec:
port: 5432
targetPort: 5432
protocol: TCP
- name: postgresql-repl--tcp
- name: postgresql-repl-tcp
port: 5433
targetPort: 5433
protocol: TCP


@@ -0,0 +1,68 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: renovate-exporter
namespace: renovate
spec:
chart:
spec:
chart: prometheus-json-exporter
version: 0.11.0
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
namespace: flux-system
name: prometheus-community
interval: 1h
driftDetection:
mode: enabled
values:
nameOverride: renovate-exporter
configuration:
# language=yaml
config: |
modules:
renovate:
http_client_config:
authorization:
credentials_file: /credentials/renovate.txt
metrics:
- name: renovate_organization_count
valuetype: gauge
path: "{ .app.organizationCount }"
help: The number of organizations known to renovate
- name: renovate_repository_count
valuetype: gauge
path: "{ .app.repositoryCount }"
help: The number of repositories known to renovate
- name: renovate_jobs_processed
valuetype: counter
path: "{ .jobs.history.processed }"
help: The number of jobs processed since the instance has started
- name: renovate_queue_size
valuetype: gauge
path: "{ .jobs.queue.size }"
help: The number of jobs currently in the queue
additionalVolumes:
- name: renovate-credentials
secret:
secretName: app-vars
additionalVolumeMounts:
- name: renovate-credentials
mountPath: /credentials/renovate.txt
subPath: api_secret
serviceMonitor:
enabled: true
defaults:
interval: 1m
targets:
- name: renovate
url: http://renovate.renovate.svc.cluster.local:8080/api/status
module: renovate
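Review bot: The scrape target `url: http://renovate.renovate.svc.cluster.local:8080/api/status` uses the Service DNS name with port 8080, but the Service added in this commit exposes `port: 8899` (with `targetPort: 8080`), so the exporter is likely to get connection failures rather than metrics. Pointing the target at the Service port, `url: http://renovate.renovate.svc.cluster.local:8899/api/status`, would match. Separately, the API secret is mounted with `subPath: api_secret`; subPath mounts of a Secret are not refreshed when the Secret changes, so a rotated secret only takes effect after the exporter pod restarts, which is worth a comment above `additionalVolumeMounts`.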


@@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: renovate
namespace: renovate
labels:
app: renovate
spec:
selector:
matchLabels:
app: renovate
template:
metadata:
labels:
app: renovate
spec:
containers:
- name: renovate
image: ghcr.io/mend/renovate-ce:7.4.0-full
ports:
- containerPort: 8080
env:
- name: MEND_RNV_ACCEPT_TOS
value: y
- name: MEND_RNV_LICENSE_KEY
value: ${renovate_license_key}
- name: MEND_RNV_PLATFORM
value: github
- name: MEND_RNV_GITHUB_APP_ID
value: ${github_app_id}
- name: RNV_GITHUB_PEM_FILE_PATH
value: "/usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem"
- name: MEND_RNV_WEBHOOK_SECRET
value: ${github_app_webhook_secret}
- name: MEND_RNV_ADMIN_API_ENABLED
value: "true"
- name: MEND_RNV_SERVER_API_SECRET
value: ${server_api_secret}
- name: GITHUB_COM_TOKEN
value: ${github_pat}
- name: MEND_RNV_AUTODISCOVER_FILTER
value: "3dwardch3ng/home-cluster-ops"
- name: MEND_RNV_ENQUEUE_JOBS_ON_STARTUP
value: "enabled"
- name: MEND_RNV_LOG_HISTORY_DIR
value: "/logs"
volumeMounts:
- name: renovate-db
mountPath: /db/
- name: renovate-logs
mountPath: /logs/
- name: renovate-gh-app-pem
mountPath: /usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem
volumes:
- name: renovate-db
hostPath:
path: /mnt/nfs/AppData/renovate/db
type: Directory
- name: renovate-logs
hostPath:
path: /mnt/nfs/AppData/renovate/logs
type: Directory
- name: renovate-gh-app-pem
hostPath:
path: /mnt/nfs/AppData/renovate/key/rpi5-cluster-renovate.2024-07-05.private-key.pem
type: File
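Review bot: The license key, webhook secret, server API secret and GitHub PAT are written as literal `value: ${...}` entries in the container `env`, so once Flux substitutes them (the `postBuild.substituteFrom` in the Kustomization section of this commit) they sit in clear text in the Deployment spec, readable by anyone who can get Deployments or Pods in the namespace. Referencing the Secret keeps them out of the rendered manifest, for example `valueFrom: {secretKeyRef: {name: renovate-secrets, key: github_pat}}` for `GITHUB_COM_TOKEN`, assuming the keys in `renovate-secrets` match the variable names; the same applies to the other substituted secrets. The unquoted `value: y` and a numeric `${github_app_id}` may also be parsed as non-strings and rejected for an env value, so quoting them is safer. The GitHub App private key is taken from a `hostPath` on the NFS share, outside the SOPS-encrypted flow used for the other secrets in this commit; mounting it from a Secret would put it under the same controls.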


@@ -0,0 +1,31 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: renovate-ingress
namespace: renovate
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
ingressClassName: nginx
rules:
- host: "renovate.cluster.local"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: renovate
port:
number: 8899
- host: "renovate.cluster.edward.sydney"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: renovate
port:
number: 8899
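Review bot: Both hosts are served over plain HTTP: the spec has no `tls:` block and `nginx.ingress.kubernetes.io/ssl-redirect` is set to `"false"`, while the Deployment in this commit enables the admin API (`MEND_RNV_ADMIN_API_ENABLED`) behind the same `/` prefix. Requests carrying the API secret, and webhook payloads, would therefore cross the network unencrypted on `renovate.cluster.edward.sydney`. Adding a `tls:` section with a certificate secret for that host and dropping the ssl-redirect override would address this, and narrowing the externally routed paths to what GitHub needs to reach would keep the admin API off that host. `nginx.ingress.kubernetes.io/use-regex: "true"` also looks unnecessary, since both rules use the plain prefix `/`.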


@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: renovate
namespace: renovate
labels:
app.kubernetes.io/name: renovate
app.kubernetes.io/instance: renovate
spec:
type: ClusterIP
ports:
- port: 8899
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/name: renovate
app.kubernetes.io/instance: renovate
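Review bot: The `selector` here matches `app.kubernetes.io/name: renovate` and `app.kubernetes.io/instance: renovate`, but the pod template in the Deployment added by this commit only carries `app: renovate`, so the Service would select no pods and have no endpoints. Either change the selector to `app: renovate` or add the two `app.kubernetes.io/*` labels to the Deployment's `template.metadata.labels`. Both the Ingress and the exporter target in this commit route through this Service, so they are affected as well.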


@@ -0,0 +1,50 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: renovate-secrets
namespace: flux-system
spec:
interval: 10m
timeout: 1m30s
retryInterval: 30s
targetNamespace: renovate
path: ./renovate
prune: true
sourceRef:
kind: GitRepository
namespace: flux-system
name: home-cluster-ops-secrets
dependsOn:
- name: repositories
namespace: flux-system
decryption:
provider: sops
secretRef:
name: sops-age
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: renovate
namespace: renovate
spec:
interval: 10m
timeout: 1m30s
retryInterval: 30s
path: ./kubernetes/infrastructure/renovate/app
prune: true
sourceRef:
kind: GitRepository
namespace: flux-system
name: flux-system
dependsOn:
- name: namespaces
namespace: flux-system
- name: renovate-secrets
namespace: flux-system
- name: local-path-provisioner
namespace: local-path-storage
postBuild:
substituteFrom:
- kind: Secret
name: renovate-secrets
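Review bot: The second Kustomization is created in `namespace: renovate` but its `sourceRef` and all three `dependsOn` entries point into other namespaces, unlike `renovate-secrets`, which stays in `flux-system` and uses `targetNamespace: renovate`. If the controllers are ever run with cross-namespace references disabled (`--no-cross-namespace-refs`), this object will stop reconciling. It presumably lives in `renovate` only because `substituteFrom` looks up the Secret in the Kustomization's own namespace, so a comment above `postBuild` such as `# must stay in the renovate namespace: substituteFrom reads renovate-secrets from here` would record that coupling. If the Deployment moved to `secretKeyRef`, `postBuild` could be dropped and this Kustomization could sit in `flux-system` like the first one.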