viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/stacks/woodpecker/values.yaml
Viktor Barzin 850ab5277f migrate consuming stacks to ESO + remove k8s-dashboard static token 
Phase 9: ExternalSecret migration across 26 stacks:

Fully migrated (vault data source removed, ESO delivers secrets):
- speedtest, shadowsocks, wealthfolio, plotting-book, f1-stream, tandoor
- n8n, dawarich, diun, netbox, onlyoffice, tuya-bridge
- hackmd (ESO template for DB URL), health (ESO template for DB URL)
- trading-bot (ESO template for DATABASE_URL + 7 secret env vars)
- forgejo (removed unused vault data source)

Partially migrated (vault kept for plan-time, ESO added for runtime):
- immich, linkwarden, nextcloud, paperless-ngx (jsondecode for homepage)
- claude-memory, rybbit, url, webhook_handler (plan-time in locals/jobs)
- woodpecker, openclaw, resume (plan-time in helm values/jobs/modules)

17 stacks unchanged (all plan-time: homepage annotations, configmaps,
module inputs) — vault data source works with OIDC auth.

Phase 17a: Remove k8s-dashboard static admin token secret.
Users now get tokens via: vault write kubernetes/creds/dashboard-admin
2026-03-18 08:04:02 +00:00

59 lines
1.8 KiB
YAML
Raw Blame History

server:
enabled: true
podAnnotations:
reloader.stakater.com/search: "true"
statefulSet:
replicaCount: 1
image:
registry: docker.io
repository: woodpeckerci/woodpecker-server
tag: "v3.13.0"
env:
WOODPECKER_HOST: "https://ci.viktorbarzin.me"
WOODPECKER_ADMIN: "ViktorBarzin"
WOODPECKER_OPEN: "false"
WOODPECKER_GITHUB: "true"
WOODPECKER_GITHUB_URL: "https://github.com"
WOODPECKER_GITHUB_CLIENT: "${github_client_id}"
WOODPECKER_GITHUB_SECRET: "${github_client_secret}"
WOODPECKER_AGENT_SECRET: "${agent_secret}"
WOODPECKER_DATABASE_DRIVER: "postgres"
WOODPECKER_DATABASE_DATASOURCE: "postgres://woodpecker:${db_password}@${postgresql_host}:5432/woodpecker?sslmode=disable"
WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx,plugins/docker"
WOODPECKER_PLUGINS_TRUSTED_CLONE: "woodpeckerci/plugin-git,alpine"
WOODPECKER_LOG_LEVEL: "info"
WOODPECKER_FORGEJO: "true"
WOODPECKER_FORGEJO_CLIENT: "${forgejo_client_id}"
WOODPECKER_FORGEJO_SECRET: "${forgejo_client_secret}"
WOODPECKER_FORGEJO_URL: "${forgejo_url}"
service:
type: ClusterIP
port: 80
# Disable built-in ingress (using ingress_factory)
ingress:
enabled: false
# Disable PVC (using PostgreSQL instead of SQLite)
persistence:
enabled: false
agent:
enabled: true
podAnnotations:
reloader.stakater.com/search: "true"
replicaCount: 2
image:
registry: docker.io
repository: woodpeckerci/woodpecker-agent
tag: "v3.13.0"
env:
WOODPECKER_BACKEND: "kubernetes"
WOODPECKER_BACKEND_K8S_NAMESPACE: "woodpecker"
WOODPECKER_MAX_WORKFLOWS: "2"
WOODPECKER_AGENT_SECRET: "${agent_secret}"
persistence:
enabled: false
rbac:
create: true
serviceAccount:
create: true
name: "woodpecker-agent"
Reference in a new issue View git blame Copy permalink