myLimbo/casa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fluxcd: add act runners

Browse Source
This commit is contained in:
Márcio Fernandes
2026-06-06 04:06:16 +00:00
parent 73a1a2fe05
commit 86fda959d2
17 changed files with 94 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+1
View File
@@ -13,3 +13,4 @@ ansible/inventory.yml
.env.d/* .env.d/*
.tmp/** .tmp/**
storage-limbosolutions-com/deploy/helm/values.private.yaml storage-limbosolutions-com/deploy/helm/values.private.yaml
**.dec.**
services/casa-vlan-cicd-runners/.sops.yaml
+11
View File
@@ -0,0 +1,11 @@
creation_rules:
# encrypt all values from file
- path_regex: \.private\.dec\.yaml$
encrypted_regex: '^(.*)$'
age:
- age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
# encrypt secrets files
- path_regex: .*.yaml
encrypted_regex: ^(data|stringData)$
age:
- age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
services/casa-vlan-cicd-runners/README.md
+16
View File
@@ -0,0 +1,16 @@
# act-runners
## Setup
Using flux for reconciliation.
``` bash
./ops-scripts/apply-flux.sh
```
**Encrypt secrets:**
``` bash
sops -e deploy/app/secret.dec.yaml > deploy/app/secret.yaml
```
services/casa-vlan-cicd-runners/deploy/configmap.yaml → services/casa-vlan-cicd-runners/deploy/app/configmap.yaml
View File
services/casa-vlan-cicd-runners/deploy/deployment.yaml → services/casa-vlan-cicd-runners/deploy/app/deployment.yaml
View File
services/casa-vlan-cicd-runners/deploy/app/kustomization.yaml
+7
View File
@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: casa-vlan-cicd
resources:
- configmap.yaml
- deployment.yaml
- secret.yaml
services/casa-vlan-cicd-runners/deploy/app/secret.yaml
+26
View File
@@ -0,0 +1,26 @@
apiVersion: v1
kind: Secret
metadata:
name: act-runner
type: Opaque
data:
GITEA_INSTANCE_URL: ENC[AES256_GCM,data:DFI/mFprPbTjBNbpASIzfxkQYOxEDVAanWWNqWTEIHzNuR5SD/bv8w==,iv:kAYTWAna344hy4oZ+MH/fiPoE4bZCt92niVg6S/PgsM=,tag:g5T6R2wEzjIiy2762N/H7A==,type:str]
GITEA_MYLIMBO_RUNNER_NAME: ENC[AES256_GCM,data:gW/DOukYZHrFzbc78Roi70kk9p7vUcHyl1w/bAB7q7M=,iv:Ip3aTsh73bM9GoNaSScvFaYmoiUz2iuGuVu2K5yHyrI=,tag:32w120l0xRU38NghfRx02A==,type:str]
GITEA_MYLIMBO_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:JJyMTbnjEoufj6c4KT3ssGm2c91eh7mY+fuYt4YY8bBfozhGlytoHgGEm5u1u3Dq1TNCx+lhIBI=,iv:T/IvhkBMFtU/1Mgtn3sHMsgGIk/7GVA7m/QSSSHkDgo=,tag:r3ON2jjlkA2j0AQfGwFg3A==,type:str]
GITEA_MF_RUNNER_NAME: ENC[AES256_GCM,data:QRjb2g6hTGHGjjC8T8s9rvP+y55qqRCFjeUz2Cb/fps=,iv:RRB6Gw1y2bRucIoae7oyz796u8KXnLylqwmxDSzsjc0=,tag:Y03ndziszoo1LepOibfEdQ==,type:str]
GITEA_MF_RUNNER_REGISTRATION_TOKEN: ENC[AES256_GCM,data:zXJjCwzEn9647VPiZqMaPKuwDxVf95g+df4dOnOj1Fj4TrND94SfsEjB5AaTbJquO7GDB6n9Ziw=,iv:JzCr0tbalWcwnP4AzF6UXIeIJMm5GFE9iPcjwGlc4+k=,tag:VBuSw0gRIhpyDU1DK505dA==,type:str]
sops:
age:
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK0RDL2pQTFoyN0cxd1ZM
TGZ0UitKbGh4QW1qQTQ2aDJ1a04yR0NzQ0RNCld1K3ovbmxCejhJTGlPZ01YZWtK
YXhvQjFBdFBQcUM5RDk1NERNYTd2dFkKLS0tIG5TVVpDY1M5OE4vdUYwNXYyUVVB
dS9CRDQzbGhKSzRBR2lKSEhIVVBKeFUKN4MK71sU1Tm4rxKq7xq1Qux23KaEAIzO
Aw6TMCE7li6PDhojderS8Ctp8fLEoE5PuaVOjeejGZtsjZcY4jcT1A==
-----END AGE ENCRYPTED FILE-----
recipient: age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
encrypted_regex: ^(data|stringData)$
lastmodified: "2026-06-06T04:03:55Z"
mac: ENC[AES256_GCM,data:w5aSmw0vxMC7cnnwUl0MUFAoYZdxEWS5jO20lgwzR8co837gVXZbEzig8D8e0Q5ACRum0DEwKCymUVufPt34bgNV/QilW6mP3hh10oIo9NSktLH7u6VgCI4hdHaUsYbHNhkA9Tl8LK7FajjzrCv0Ha908HZ49grbPg1CTVAioF4=,iv:3+6shBcadgY32xmiDKsAqPGmHBYL7GIODR30BZ3qHNk=,tag:6YmQtL77ynfjv8/zgBBFBA==,type:str]
version: 3.13.1
services/casa-vlan-cicd-runners/deploy/kustomization.yaml
-14
View File
@@ -1,14 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- configmap.yaml
- deployment.yaml
generatorOptions:
disableNameSuffixHash: true
secretGenerator:
- name: casa-vlan-cicd-runners
envs:
- .env.d/.env
services/casa-vlan-cicd-runners/flux/.env.d/.gitignore
+2
View File
@@ -0,0 +1,2 @@
**
!.gitignore
services/casa-vlan-cicd-runners/flux/app-sync.yaml
+16
View File
@@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: act-runners
spec:
interval: 1m
sourceRef:
kind: GitRepository
name: casa
namespace: casa-limbosolutions-com
path: services/casa-vlan-cicd-runners/deploy/app
prune: true
decryption:
provider: sops
secretRef:
name: flux-sops-age
services/casa-vlan-cicd-runners/flux/kustomization.yaml
+11
View File
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: casa-vlan-cicd
resources:
- app-sync.yaml
secretGenerator:
- name: flux-sops-age
files:
- "age.agekey=./.env.d/age.agekey"
generatorOptions:
disableNameSuffixHash: true
services/casa-vlan-cicd-runners/ops-scripts/apply-app.sh
-4
View File
@@ -1,4 +0,0 @@
#!/bin/bash
set -e
NAMESPACE=casa-vlan-cicd
kubectl kustomize ./services/casa-vlan-cicd-runners/deploy | kubectl --namespace ${NAMESPACE} apply -f -
services/casa-vlan-cicd-runners/ops-scripts/apply-flux.sh
Executable
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
set -e
NAMESPACE=casa-vlan-cicd
kubectl kustomize ./services/casa-vlan-cicd-runners/deploy/flux | kubectl --namespace ${NAMESPACE} apply -f -
services/casa-vlan-cicd-runners/ops-scripts/apply-infra.sh
-4
View File
@@ -1,4 +0,0 @@
#!/bin/bash
set -e
NAMESPACE=casa-vlan-cicd
kubectl create namespace ${NAMESPACE} || true
services/node-red/.gitignore
-1
View File
@@ -1 +0,0 @@
**.dec.**
services/node-red/README.md
-1
View File
@@ -1,6 +1,5 @@
# node-red # node-red
``` bash ``` bash
#npm install bcryptjs #npm install bcryptjs
node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" YOUR-PASSWORD node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" YOUR-PASSWORD
services/node-red/deploy/app/.gitignore
-1
View File
@@ -1 +0,0 @@
node-red-settings.js