Merge pull request #423 from 3dwardch3ng/infra/renovate

Infra/renovate

kubernetes/infrastructure/namespaces/namespaces/renovate.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: renovate

kubernetes/infrastructure/postgresql/scripts/ingress-nginx-svc-controller-patch.yaml

@@ -4,7 +4,7 @@ spec:
       port: 5432
       targetPort: 5432
       protocol: TCP
-    - name: postgresql-repl--tcp
+    - name: postgresql-repl-tcp
       port: 5433
       targetPort: 5433
       protocol: TCP

kubernetes/infrastructure/prometheus-exporters/exporters/renovate-exporter.yaml

@@ -0,0 +1,68 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: renovate-exporter
+  namespace: renovate
+spec:
+  chart:
+    spec:
+      chart: prometheus-json-exporter
+      version: 0.11.0
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        namespace: flux-system
+        name: prometheus-community
+  interval: 1h
+  driftDetection:
+    mode: enabled
+  values:
+    nameOverride: renovate-exporter
+
+    configuration:
+      # language=yaml
+      config: |
+        modules:
+          renovate:
+            http_client_config:
+              authorization:
+                credentials_file: /credentials/renovate.txt
+
+            metrics:
+              - name: renovate_organization_count
+                valuetype: gauge
+                path: "{ .app.organizationCount }"
+                help: The number of organizations known to renovate
+
+              - name: renovate_repository_count
+                valuetype: gauge
+                path: "{ .app.repositoryCount }"
+                help: The number of repositories known to renovate
+
+              - name: renovate_jobs_processed
+                valuetype: counter
+                path: "{ .jobs.history.processed }"
+                help: The number of jobs processed since the instance has started
+
+              - name: renovate_queue_size
+                valuetype: gauge
+                path: "{ .jobs.queue.size }"
+                help: The number of jobs currently in the queue
+
+    additionalVolumes:
+      - name: renovate-credentials
+        secret:
+          secretName: app-vars
+    additionalVolumeMounts:
+      - name: renovate-credentials
+        mountPath: /credentials/renovate.txt
+        subPath: api_secret
+
+    serviceMonitor:
+      enabled: true
+      defaults:
+        interval: 1m
+      targets:
+        - name: renovate
+          url: http://renovate.renovate.svc.cluster.local:8080/api/status
+          module: renovate

kubernetes/infrastructure/renovate/app/deployment.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: renovate
+  namespace: renovate
+  labels:
+    app: renovate
+spec:
+  selector:
+    matchLabels:
+      app: renovate
+  template:
+    metadata:
+      labels:
+        app: renovate
+    spec:
+      containers:
+        - name: renovate
+          image: ghcr.io/mend/renovate-ce:7.4.0-full
+          ports:
+            - containerPort: 8080
+          env:
+            - name: MEND_RNV_ACCEPT_TOS
+              value: y
+            - name: MEND_RNV_LICENSE_KEY
+              value: ${renovate_license_key}
+            - name: MEND_RNV_PLATFORM
+              value: github
+            - name: MEND_RNV_GITHUB_APP_ID
+              value: ${github_app_id}
+            - name: RNV_GITHUB_PEM_FILE_PATH
+              value: "/usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem"
+            - name: MEND_RNV_WEBHOOK_SECRET
+              value: ${github_app_webhook_secret}
+            - name: MEND_RNV_ADMIN_API_ENABLED
+              value: "true"
+            - name: MEND_RNV_SERVER_API_SECRET
+              value: ${server_api_secret}
+            - name: GITHUB_COM_TOKEN
+              value: ${github_pat}
+            - name: MEND_RNV_AUTODISCOVER_FILTER
+              value: "3dwardch3ng/home-cluster-ops"
+            - name: MEND_RNV_ENQUEUE_JOBS_ON_STARTUP
+              value: "enabled"
+            - name: MEND_RNV_LOG_HISTORY_DIR
+              value: "/logs"
+          volumeMounts:
+            - name: renovate-db
+              mountPath: /db/
+            - name: renovate-logs
+              mountPath: /logs/
+            - name: renovate-gh-app-pem
+              mountPath: /usr/src/app/rpi5-cluster-renovate.2024-07-05.private-key.pem
+      volumes:
+        - name: renovate-db
+          hostPath:
+            path: /mnt/nfs/AppData/renovate/db
+            type: Directory
+        - name: renovate-logs
+          hostPath:
+            path: /mnt/nfs/AppData/renovate/logs
+            type: Directory
+        - name: renovate-gh-app-pem
+          hostPath:
+            path: /mnt/nfs/AppData/renovate/key/rpi5-cluster-renovate.2024-07-05.private-key.pem
+            type: File

kubernetes/infrastructure/renovate/app/ingress.yaml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: renovate-ingress
+  namespace: renovate
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "renovate.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: renovate
+                port:
+                  number: 8899
+    - host: "renovate.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: renovate
+                port:
+                  number: 8899

kubernetes/infrastructure/renovate/app/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: renovate
+  namespace: renovate
+  labels:
+    app.kubernetes.io/name: renovate
+    app.kubernetes.io/instance: renovate
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8899
+      targetPort: 8080
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: renovate
+    app.kubernetes.io/instance: renovate

kubernetes/infrastructure/renovate/renovate.yaml

@@ -0,0 +1,50 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: renovate-secrets
+  namespace: flux-system
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: renovate
+  path: ./renovate
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: renovate
+  namespace: renovate
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/infrastructure/renovate/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: namespaces
+      namespace: flux-system
+    - name: renovate-secrets
+      namespace: flux-system
+    - name: local-path-provisioner
+      namespace: local-path-storage
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: renovate-secrets