Kubernetes/k8s-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
925dcf29515edf70fbbd564d3f29c33a87296992
k8s-configs/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/gitea-sonarqube-bot/values-override.yaml
Denis Patrakeev 9ad173187e [DO-1600] deploy prod gitea-sonarqube-bot (!71) 
[DO-1600]

Co-authored-by: denis.patrakeev <denis.patrakeev@avroid.tech>
Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/71
2025-02-28 19:51:58 +03:00

151 lines
7.6 KiB
YAML
Raw Blame History

## @section Common parameters
## @param replicaCount Number of replicas for the bot
replicaCount: 2
## ref: https://hub.docker.com/r/justusbunsi/gitea-sonarqube-bot/tags/
## @param image.repository Image repository
## @param image.pullPolicy Image pull policy
## @param image.tag Image tag (Overrides the image tag whose default is the chart `appVersion`)
image:
repository: harbor.avroid.tech/devops/gitea-sonarqube-bot
tag: "avr-v0.3.4"
## @param imagePullSecrets Specify docker-registry secret names as an array
imagePullSecrets:
- name: harbor-registry-secret
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for the container
## @param resources.requests The requested resources for the container
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector:
node-role.kubernetes.io/worker: ""
## @param podAnnotations Pod annotations.
podAnnotations:
vault.security.banzaicloud.io/vault-addr: "https://vault.avroid.tech"
vault.security.banzaicloud.io/vault-role: "avroid-prod"
vault.security.banzaicloud.io/vault-skip-verify: "false"
vault.security.banzaicloud.io/vault-path: "avroid-office"
## @section App parameters
app:
## @param app.configLocationOverride Override the default location of the configuration file (`/home/bot/config/config.yaml`). **Available since Chart version `0.2.0`. Requires at least image tag `v0.2.0`**. (See values file for details)
## Setting this will also change the mount point for `.Values.app.configuration` to the directory part of the override value.
configLocationOverride: ""
## This object represents the [config.yaml](https://codeberg.org/justusbunsi/gitea-sonarqube-bot/src/branch/main/config/config.example.yaml) provided to the application.
configuration:
## Gitea related configuration. Necessary for adding/updating comments on repository pull requests
gitea:
## @param app.configuration.gitea.url Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
url: "https://git.avroid.tech"
## Created access token for the user that shall be used as bot account.
## User needs "Read project" permissions with access to "Pull Requests"
## @param app.configuration.gitea.token.value Gitea token as plain text. Can be replaced with `file` key containing path to file.
token:
value: ""
## If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
## request will be ignored.
## The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
## exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
## @param app.configuration.gitea.webhook.secret Secret for signature header (in plaintext)
## @extra app.configuration.gitea.webhook.secretFile Path to file containing the plain text secret. Alternative to inline `app.configuration.gitea.webhook.secret`
webhook:
secret: ""
## SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
sonarqube:
## @param app.configuration.sonarqube.url Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
url: "https://sonarqube.avroid.tech"
## Created access token for the user that shall be used as bot account.
## User needs "Browse on project" permissions
## @param app.configuration.sonarqube.token.value SonarQube token as plain text. Can be replaced with `file` key containing path to file.
token:
value: ""
## If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
## request will be ignored.
## The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
## If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
## validated.
## @param app.configuration.sonarqube.webhook.secret Secret for signature header (in plaintext)
## @extra app.configuration.sonarqube.webhook.secretFile Path to file containing the plain text secret. Alternative to inline `app.configuration.sonarqube.webhook.secret`
webhook:
secret: ""
## List of project mappings to take care of. Webhooks for other projects will be ignored.
## At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own.
## @param app.configuration.projects[0].sonarqube.key Project key inside SonarQube
## @param app.configuration.projects[0].gitea.owner Repository owner inside Gitea
## @param app.configuration.projects[0].gitea.name Repository name inside Gitea
projects:
- sonarqube:
key: example:example_sast
## A repository specification contains the owner name and the repository name itself. The owner can be the name of a
## real account or an organization in which the repository is located.
gitea:
owner: DevSec
name: sast-demo
## Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema.
## @param app.configuration.namingPattern.regex Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR. That integer part is identical to the pull request ID in Gitea.
## @param app.configuration.namingPattern.template Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID. See: https://pkg.go.dev/fmt#hdr-Printing
namingPattern:
regex: ^PR-(\d+)$
urlregex: ^http.*&pullRequest=PR-(\d+).*$
template: PR-%d
bitbucket:
webhook:
secret: ""
## @section Security parameters
serviceAccount:
## @param serviceAccount.create Specifies whether a service account should be created
create: false
## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template
name: "vault"
## ref: https://kubernetes.io/docs/user-guide/ingress/
ingress:
## @param ingress.enabled Enable ingress controller resource
enabled: true
## @param ingress.className IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
className: "nginx"
## @param ingress.annotations Additional annotations for the Ingress resource.
annotations:
kubernetes.io/ingress.class: nginx
## @param ingress.hosts[0].host Host for the ingress resource
## @param ingress.hosts[0].paths[0].path The path to the bot endpoint
## @param ingress.hosts[0].paths[0].pathType Ingress path type
hosts:
- host: gitea-sonarqube-bot.avroid.tech
paths:
- path: /
pathType: ImplementationSpecific
Reference in New Issue View Git Blame Copy Permalink