add semaphore manifests

2025-12-27 22:25:55 +05:30
parent f2b8317259
commit 6dfa61c7c3
6 changed files with 186 additions and 0 deletions
--- a/clusters/ipv6/git-ops/semaphore/semaphore-configmap.yml
+++ b/clusters/ipv6/git-ops/semaphore/semaphore-configmap.yml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: semaphore-config
+  namespace: git-ops
+data:
+  SEMAPHORE_DB_USER: "semaphore"
+  SEMAPHORE_DB_HOST: "semaphore-db"
+  SEMAPHORE_DB_PORT: "3306"
+  SEMAPHORE_DB_DIALECT: "mysql"
+  SEMAPHORE_DB: "semaphore"
+  SEMAPHORE_PLAYBOOK_PATH: "/tmp/semaphore"
+  SEMAPHORE_ADMIN_NAME: "admin"
+  SEMAPHORE_ADMIN_EMAIL: "aggarwalakshun@gmail.com"
+  SEMAPHORE_ADMIN: "admin"
+  SEMAPHORE_LDAP_ACTIVATED: "'no'"
--- a/clusters/ipv6/git-ops/semaphore/semaphore-db.yml
+++ b/clusters/ipv6/git-ops/semaphore/semaphore-db.yml
@@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: semaphore-db
+  namespace: git-ops
+spec:
+  selector:
+    matchLabels:
+      app: semaphore-db
+  serviceName: semaphore-db
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: semaphore-db
+    spec:
+      containers:
+      - name: mysql
+        image: mysql:9.5.0
+        ports:
+        - containerPort: 3306
+        env:
+        - name: MYSQL_RANDOM_ROOT_PASSWORD
+          value: "'yes'"
+        - name: MYSQL_DATABASE
+          value: "semaphore"
+        - name: MYSQL_USER
+          value: "semaphore"
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: semaphore-secrets
+              key: mysql_password
+        volumeMounts:
+        - name: semaphore-db
+          mountPath: /var/lib/mysql
+  volumeClaimTemplates:
+  - metadata:
+      name: semaphore-db
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 2Gi
+      storageClassName: longhorn
--- a/clusters/ipv6/git-ops/semaphore/semaphore-ingress.yml
+++ b/clusters/ipv6/git-ops/semaphore/semaphore-ingress.yml
@@ -0,0 +1,27 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: semaphore-ingress
+  namespace: arr-stack
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+    traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - semaphore.akshun-lab.cc
+    secretName: semaphore-tls
+  rules:
+  - host: semaphore.akshun-lab.cc
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: semaphore-service
+            port:
+              number: 3000
--- a/clusters/ipv6/git-ops/semaphore/semaphore-secret.yml
+++ b/clusters/ipv6/git-ops/semaphore/semaphore-secret.yml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: semaphore-secrets
+  namespace: git-ops
+spec:
+  encryptedData:
+    admin_password: AgAvzU2Kxf5AS9JSELN13bFPIAuvPhGPZS4cGl1gmVk5GT87FRYdIv8LpYACCd2voHsrymakkleR/oTXxAJDpMtkDFawRftvPpsEuNyt6aVPjMbN74HAuz3cRdgOQfwjMkawWd3RyHLY50ZYJaw8KwwVTuD8vO2SC3TYajRvVdfTwEMsVcffZBcpB5PNSvhzpqb66a+f78xQQI/10xLcBlFEYJ6+Mi1PwDVOb4aMuu5ezGVzzp/rmXBGTeT3mBpe4zZO6/mRJ9JvTEUGf6Btj9e8JiKhhNEuykPV46UlogryBLCTZDDHLUHx6GYbGluoU8AYIH5L7pV+UndZGqSlwWJFFX9zAkOPip1B5PQzAea5qWkrQ5ExAkIYjc42fpeiPhZtFlYGqeL+mckUsbrocwNAHYR9u1L6AiAOsIbTeSJ9K7Zs/IfaVmQlMDa2P4kICn39DWDu3DdCWvbubl+VZOedIOnysrdZJgEVcqKIBPChQBNfFFRX9/tqoeC0DRtJARLvcr3uwn1KZWS4GGhMAwwguwmrb3g8+IMUM9uKMO1WXBL9FaaI3cPEPebvNOiV2e//QvNSiUwAjlRvU/CEtmrZwTANu8nTbxBNT5MeFLvFdoLgDy715JGzyzIv5HDqCNh3KGmML4R3SHYieaDyDwh9RGEhfH9aS5ZWghru+h0i8Zoc/jRIQ7K1KCwwDOaX0+JIB51CEM/ac7QpPg==
+    key: AgChqM0qnZ9+lZWtqCx8gwZOL/2MxPlowGRixHK0XTNgkFFbrm/pKGV14fXkt0NIlZsBIdpqP0i+zwXdWO6qpS5paR8j0rxwPkdjQ8SWTq70H5NN8bj4eXt9PwkMtrq9c8dhJqXAa4T2lPV/vEQA6f/dsiWgHM9IxWsqkujXm4STtneBrG5dmiLRC/jXgkf1SkejLku7N3RZaYLGRtl/d+YTt+0W6IMTHraMnaFm18vX6JAZokgeF93zcXN0o9NnmcnIJ/WyJzmpaRLnSv8RVgeq8ONbxMo+Ke70QlqgmLwX3W4r18q5OGz+nqOugHAI2nKo/Ss3T1rnqL6no4RCCWa7YK8Yedx8EPhILMntgKENGtn0kZ0RNe+yqG+92FPQDv5lZFeLKTc0+fNWdlegBAq6VqFo6n/xwMJHKuyXV03l5ibPWBaxu3fUEdenhqePW6kD15zZ4pkKfoKbFNuqN9cGFO118Eb50X03J6+GtfO9Fx4ly/EarCPw3Rt8nYzliXw0m/DiBG7e0OiaftykK/aCJikZyUwawkdWoPq5umNcIzZ64YLdcozuQF2NZzn6E7DVeXPVCaOkIgd99dWXEhBijgmUUqMTvLzffFN//5Q2gTA/p2SByWAdFb1II552KMiGHPbgcq9zAzRwJeA52V02I53EfWsYP9wBViWmZ3+fB+clbfrb0ZAU7/xEk5ZQ1zklmZP6KtLpOngx2dIwbKpiAfKoY/YNv+4=
+    mysql_password: AgAuKcFk24AoA9N0QLobVhxDXRBzAspzvo0xFnVbDs6vB58Z3ExKiA6M9u9BboKLRHBlHBNcsjSI2YTDKm6OpwnLouatYQTitSo+KHUn7T7lXMNL9xv2Swpu3kOPvUG6YKRtIouFVvRLnww/yZZZ8OR6FQwgc7bmuKglFEd4t6R0hcsyozIuDt6TdzLmCLz3VtcKVZXsC4ACAHc51Ns+FZBaKyqLuFxojhB8MwI1NfE0o2JUojeO1cG767oSJDyM+5u8+eh4FYIDEUjFve/44f9LK4iZifkLHAyxVcBEA622/O8iMY0/RIh+nozffjih08eX8uRmDyevm4qeSbnrn/Xer+DYers40qaHokFey1psSG8zXBTToPqL9DEcg0EmhQcadsk3v8ZwwTbX3z72RcJsJkdbm295QkzXE4ZadaNI2bqYrf2l6ms4XkHhHC8qmhlQU+dNnDRKBQ/qgZrorD3EprKV4kpFjgQa7ICedNVv0UGmKMQpmCus8bT1T7NwnSaFTLIBOsWGXnQyF89ytvnHKzVdMnYjpVQgnGyDsVJtwwypuFu7ri7qi9M7bYT/wk9JaBq69V5yOxwT0/ZHB2ik4RZWWkY7cFuxNlYNStaYrYmdcB6Kdpr7JHHvexqcijj31xqmXPc9uuVSZqjg7/36AYGwY1GdGON5madm71XGpqvYue9r5hSAugK4/W0hzDJcYPonzXvkX730jg==
+  template:
+    metadata:
+      name: semaphore-secrets
+      namespace: git-ops
+    type: Opaque
--- a/clusters/ipv6/git-ops/semaphore/semaphore-svc.yml
+++ b/clusters/ipv6/git-ops/semaphore/semaphore-svc.yml
@@ -0,0 +1,27 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: semaphore-service
+  namespace: git-ops
+spec:
+  selector:
+    app: semaphore
+  ports:
+  - name: http
+    port: 3000
+    targetPort: 3000
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: semaphore-db
+  namespace: git-ops
+spec:
+  selector:
+    app: semaphore-db
+  ports:
+  - port: 3306
+    targetPort: 3306
+  clusterIP: None
--- a/clusters/ipv6/git-ops/semaphore/semaphore.yml
+++ b/clusters/ipv6/git-ops/semaphore/semaphore.yml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: semaphore
+  namespace: git-ops
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: semaphore
+  template:
+    metadata:
+      labels:
+        app: semaphore
+    spec:
+      containers:
+      - name: semaphore
+        image: public.ecr.aws/semaphore/pro/server:v2.16.47
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - |
+              nc -z semaphore-db.git-ops.svc.cluster.local 3306
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          failureThreshold: 3
+        ports:
+        - name: http
+          containerPort: 3000
+        envFrom:
+        - configMapRef:
+            name: semaphore-config
+        env:
+        - name: SEMAPHORE_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: semaphore-secrets
+              key: admin_password
+        - name: SEMAPHORE_DB_PASS
+          valueFrom:
+            secretKeyRef:
+              name: semaphore-secrets
+              key: mysql_password
+        - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
+          valueFrom:
+            secretKeyRef:
+              name: semaphore-secrets
+              key: key