
yyvf22 pushed to branch main at Root / Kubernetes / FluxCD Commits: 575ab21d by yyvf at 2025-08-04T15:32:05-03:00 refactor(fluxcd): #6 move openbao to infrastructure - - - - - 14 changed files: - − apps/base/gitlab-runner/es.yaml - − apps/base/gitlab-runner/helmrelease.yaml - − apps/base/gitlab-runner/helmrepo.yaml - − apps/base/gitlab-runner/kustomization.yaml - − apps/base/gitlab-runner/ns.yaml - − apps/base/gitlab-runner/pvc.yaml - apps/stage/kustomization.yaml - apps/base/openbao/cj.yaml → infrastructure/base/openbao/cj.yaml - apps/base/openbao/es.yaml → infrastructure/base/openbao/es.yaml - apps/base/openbao/helmrelease.yaml → infrastructure/base/openbao/helmrelease.yaml - apps/base/openbao/helmrepo.yaml → infrastructure/base/openbao/helmrepo.yaml - apps/base/openbao/kustomization.yaml → infrastructure/base/openbao/kustomization.yaml - apps/base/openbao/ns.yaml → infrastructure/base/openbao/ns.yaml - infrastructure/stage/kustomization.yaml Changes:
=====================================
apps/base/gitlab-runner/es.yaml deleted
=====================================
@@ -1,25 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: gitlab-runner
- namespace: gitlab-runner
-spec:
- refreshInterval: "15s"
- secretStoreRef:
- name: openbao
- kind: ClusterSecretStore
- target:
- name: gitlab-runner
- data:
- - secretKey: tokenUnprivileged
- remoteRef:
- key: gitlab-runner
- property: tokenUnprivileged
- - secretKey: tokenPrivilegedRoot
- remoteRef:
- key: gitlab-runner
- property: tokenPrivilegedRoot
- - secretKey: tokenPrivilegedC3SL
- remoteRef:
- key: gitlab-runner
- property: tokenPrivilegedC3SL
=====================================
apps/base/gitlab-runner/helmrelease.yaml deleted
=====================================
@@ -1,195 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: unprivileged
- namespace: gitlab-runner
-spec:
- interval: 1m
- chart:
- spec:
- chart: gitlab-runner
- sourceRef:
- kind: HelmRepository
- name: gitlab-runner
- values:
- replicas: 1
- gitlabUrl: https://gitlab.c3sl.ufpr.br
- rbac:
- create: true
- serviceAccount:
- create: true
- runners:
- executor: kubernetes
- config: |
- [[runners]]
- shell = "bash"
- environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true"]
- [runners.kubernetes]
- image = "harbor.c3sl.ufpr.br/root/gitlab-runner-base:latest"
- ephemeral_storage_limit = "5Gi"
- helper_ephemeral_storage_limit = "5Gi"
- service_ephemeral_storage_limit = "5Gi"
- [[runners.kubernetes.volumes.pvc]]
- name = "unprivileged-gitlab-runner-cache"
- mount_path = "/cache"
- [[runners.kubernetes.pod_spec]]
- name = "ephemeral-pvc"
- patch = '''
- containers:
- - name: build
- volumeMounts:
- - name: builds
- mountPath: /builds
- - name: helper
- volumeMounts:
- - name: builds
- mountPath: /builds
- volumes:
- - name: builds
- ephemeral:
- volumeClaimTemplate:
- spec:
- storageClassName: csi-rbd-sc
- accessModes: [ ReadWriteOnce ]
- resources:
- requests:
- storage: 5Gi
- '''
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: false
- runAsNonRoot: true
- privileged: false
- valuesFrom:
- - kind: Secret
- name: gitlab-runner
- valuesKey: tokenUnprivileged
- targetPath: runnerToken
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: privileged-root
- namespace: gitlab-runner
-spec:
- interval: 1m
- chart:
- spec:
- chart: gitlab-runner
- sourceRef:
- kind: HelmRepository
- name: gitlab-runner
- values:
- replicas: 1
- gitlabUrl: https://gitlab.c3sl.ufpr.br
- rbac:
- create: true
- serviceAccount:
- create: true
- runners:
- executor: kubernetes
- config: |
- [[runners]]
- shell = "bash"
- environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true"]
- [runners.kubernetes]
- privileged = true
- image = "harbor.c3sl.ufpr.br/root/gitlab-runner-base:latest"
- ephemeral_storage_limit = "5Gi"
- helper_ephemeral_storage_limit = "5Gi"
- service_ephemeral_storage_limit = "5Gi"
- [[runners.kubernetes.volumes.pvc]]
- name = "privileged-root-gitlab-runner-cache"
- mount_path = "/cache"
- [[runners.kubernetes.pod_spec]]
- name = "ephemeral-pvc"
- patch = '''
- containers:
- - name: build
- volumeMounts:
- - name: builds
- mountPath: /builds
- - name: helper
- volumeMounts:
- - name: builds
- mountPath: /builds
- volumes:
- - name: builds
- ephemeral:
- volumeClaimTemplate:
- spec:
- storageClassName: csi-rbd-sc
- accessModes: [ ReadWriteOnce ]
- resources:
- requests:
- storage: 5Gi
- '''
- valuesFrom:
- - kind: Secret
- name: gitlab-runner
- valuesKey: tokenPrivilegedRoot
- targetPath: runnerToken
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: privileged-c3sl
- namespace: gitlab-runner
-spec:
- interval: 1m
- chart:
- spec:
- chart: gitlab-runner
- sourceRef:
- kind: HelmRepository
- name: gitlab-runner
- values:
- replicas: 1
- gitlabUrl: https://gitlab.c3sl.ufpr.br
- rbac:
- create: true
- serviceAccount:
- create: true
- runners:
- executor: kubernetes
- config: |
- [[runners]]
- shell = "bash"
- environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true"]
- [runners.kubernetes]
- privileged = true
- image = "harbor.c3sl.ufpr.br/root/gitlab-runner-base:latest"
- ephemeral_storage_limit = "5Gi"
- helper_ephemeral_storage_limit = "5Gi"
- service_ephemeral_storage_limit = "5Gi"
- [[runners.kubernetes.volumes.pvc]]
- name = "privileged-c3sl-gitlab-runner-cache"
- mount_path = "/cache"
- [[runners.kubernetes.pod_spec]]
- name = "ephemeral-pvc"
- patch = '''
- containers:
- - name: build
- volumeMounts:
- - name: builds
- mountPath: /builds
- - name: helper
- volumeMounts:
- - name: builds
- mountPath: /builds
- volumes:
- - name: builds
- ephemeral:
- volumeClaimTemplate:
- spec:
- storageClassName: csi-rbd-sc
- accessModes: [ ReadWriteOnce ]
- resources:
- requests:
- storage: 5Gi
- '''
- valuesFrom:
- - kind: Secret
- name: gitlab-runner
- valuesKey: tokenPrivilegedC3SL
- targetPath: runnerToken
=====================================
apps/base/gitlab-runner/helmrepo.yaml deleted
=====================================
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: gitlab-runner
- namespace: gitlab-runner
-spec:
- interval: 1m0s
- url: https://charts.gitlab.io
=====================================
apps/base/gitlab-runner/kustomization.yaml deleted
=====================================
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ns.yaml
- - helmrepo.yaml
- - helmrelease.yaml
- - es.yaml
- - pvc.yaml
=====================================
apps/base/gitlab-runner/ns.yaml deleted
=====================================
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- pod-security.kubernetes.io/enforce: privileged
- name: gitlab-runner
=====================================
apps/base/gitlab-runner/pvc.yaml deleted
=====================================
@@ -1,41 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: privileged-root-gitlab-runner-cache
- namespace: gitlab-runner
- labels:
- app: gitlab-runner
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 20Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: privileged-c3sl-gitlab-runner-cache
- namespace: gitlab-runner
- labels:
- app: gitlab-runner
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 20Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: unprivileged-gitlab-runner-cache
- namespace: gitlab-runner
- labels:
- app: gitlab-runner
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 20Gi
=====================================
apps/stage/kustomization.yaml
=====================================
@@ -1,8 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ../base/openbao
- # Apps
 - ../base/ademir
 - ../base/codimd
 - ../base/keycloak
=====================================
apps/base/openbao/cj.yaml → infrastructure/base/openbao/cj.yaml
=====================================
=====================================
apps/base/openbao/es.yaml → infrastructure/base/openbao/es.yaml
=====================================
=====================================
apps/base/openbao/helmrelease.yaml → infrastructure/base/openbao/helmrelease.yaml
=====================================
=====================================
apps/base/openbao/helmrepo.yaml → infrastructure/base/openbao/helmrepo.yaml
=====================================
=====================================
apps/base/openbao/kustomization.yaml → infrastructure/base/openbao/kustomization.yaml
=====================================
=====================================
apps/base/openbao/ns.yaml → infrastructure/base/openbao/ns.yaml
=====================================
=====================================
infrastructure/stage/kustomization.yaml
=====================================
@@ -5,6 +5,7 @@ resources:
 - ./ippool.yaml
 - ../base/ceph-csi
 - ../base/cert-manager
+ - ../base/openbao
 - ../base/external-secrets
 - ../base/harbor
 - ../base/gitlab-runner
View it on GitLab: https://gitlab.c3sl.ufpr.br/root/k8s/fluxcd/-/commit/575ab21d9b6411c8b048bae... -- View it on GitLab: https://gitlab.c3sl.ufpr.br/root/k8s/fluxcd/-/commit/575ab21d9b6411c8b048bae... You're receiving this email because of your account on gitlab.c3sl.ufpr.br.
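Review bot: The added `- ../base/openbao` line in infrastructure/stage/kustomization.yaml lands in the same commit that removes the entry from apps/stage/kustomization.yaml, and nothing on the page protects the secret backend during that hand-over. If the two directories are reconciled by separate Flux Kustomizations with pruning enabled (their definitions are not shown), the apps side can garbage-collect the OpenBao namespace and release before the infrastructure side has adopted them, leaving the `openbao` ClusterSecretStore without a backend and, depending on the storage reclaim policy, discarding its data. I would either land this addition first and drop the apps entry in a follow-up, or set `kustomize.toolkit.fluxcd.io/prune: disabled` on the OpenBao resources for the duration of the move. Position in the list does not order reconciliation, so a comment such as `# secret backend for external-secrets; move only with prune disabled` above the entry would record the constraint. The `resources:` list starts above this hunk and may continue below it.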