Fix AppArmor for Jenkins Agents

2023-11-24 13:05:33 +00:00 · 2023-11-24 13:05:33 +00:00 · 6dcecbde91
commit 6dcecbde91
parent 781ac5d0f3
3 changed files with 17 additions and 2 deletions
--- a/charts/kubezero-ci/README.md
+++ b/charts/kubezero-ci/README.md
@ -22,7 +22,7 @@ Kubernetes: `>= 1.25.0`
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
 | https://charts.jenkins.io | jenkins | 4.8.3 |
 | https://dl.gitea.io/charts/ | gitea | 9.6.0 |
-| https://docs.renovatebot.com/helm-charts | renovate | 36.109.4 |
+| https://docs.renovatebot.com/helm-charts | renovate | 37.64.3 |

 # Jenkins
 - default build retention 10 builds, 32days
@ -48,12 +48,20 @@ Kubernetes: `>= 1.25.0`

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| gitea.checkDeprecation | bool | `false` |  |
 | gitea.enabled | bool | `false` |  |
+| gitea.extraVolumeMounts[0].mountPath | string | `"/data/gitea/public/assets/css"` |  |
+| gitea.extraVolumeMounts[0].name | string | `"gitea-themes"` |  |
+| gitea.extraVolumeMounts[0].readOnly | bool | `true` |  |
+| gitea.extraVolumes[0].configMap.name | string | `"gitea-kubezero-ci-themes"` |  |
+| gitea.extraVolumes[0].name | string | `"gitea-themes"` |  |
 | gitea.gitea.admin.existingSecret | string | `"gitea-admin-secret"` |  |
 | gitea.gitea.config.cache.ADAPTER | string | `"memory"` |  |
 | gitea.gitea.config.database.DB_TYPE | string | `"sqlite3"` |  |
 | gitea.gitea.config.queue.TYPE | string | `"level"` |  |
 | gitea.gitea.config.session.PROVIDER | string | `"memory"` |  |
+| gitea.gitea.config.ui.DEFAULT_THEME | string | `"github-dark"` |  |
+| gitea.gitea.config.ui.THEMES | string | `"gitea,github-dark"` |  |
 | gitea.gitea.demo | bool | `false` |  |
 | gitea.gitea.metrics.enabled | bool | `false` |  |
 | gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` |  |
@ -75,6 +83,7 @@ Kubernetes: `>= 1.25.0`
 | gitea.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` |  |
 | gitea.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | gitea.strategy.type | string | `"Recreate"` |  |
+| gitea.test.enabled | bool | `false` |  |
 | jenkins.agent.containerCap | int | `2` |  |
 | jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` |  |
 | jenkins.agent.idleMinutes | int | `30` |  |
--- a/charts/kubezero-ci/update.sh
+++ b/charts/kubezero-ci/update.sh
@ -1,6 +1,10 @@
 #!/bin/bash
+set -ex

-helm dep update
+. ../../scripts/lib-update.sh
+
+#login_ecr_public
+update_helm

 # Create ZDT dashboard configmap
 ../kubezero-metrics/sync_grafana_dashboards.py dashboard-jenkins.yaml templates/jenkins/grafana-dashboard.yaml
--- a/charts/kubezero-ci/values.yaml
+++ b/charts/kubezero-ci/values.yaml
@ -166,6 +166,8 @@ jenkins:
    podRetention: "Default"
    showRawYaml: false
    podName: "podman-aws"
+    annotations:
+      container.apparmor.security.beta.kubernetes.io/jnlp: unconfined
    customJenkinsLabels:
    - podman-aws-trivy
    idleMinutes: 30