From 7a756c20a962c46567fb5eabcbf4aa15d17bbee7 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Wed, 13 May 2020 18:51:10 +1000
Subject: [PATCH] drone stuff
---
drone-ci/runner/dronerunner-rbac.yaml | 40 +++++++++++
drone-ci/runner/dronerunner.yaml | 43 ++++++++++++
drone-ci/server/droneserver-ingress.yaml | 18 +++++
drone-ci/server/droneserver-secret.yaml | 12 ++++
drone-ci/server/droneserver.yaml | 84 ++++++++++++++++++++++++
5 files changed, 197 insertions(+)
create mode 100644 drone-ci/runner/dronerunner-rbac.yaml
create mode 100644 drone-ci/runner/dronerunner.yaml
create mode 100644 drone-ci/server/droneserver-ingress.yaml
create mode 100644 drone-ci/server/droneserver-secret.yaml
create mode 100644 drone-ci/server/droneserver.yaml
diff --git a/drone-ci/runner/dronerunner-rbac.yaml b/drone-ci/runner/dronerunner-rbac.yaml
new file mode 100644
index 0000000..91d2761
--- /dev/null
+++ b/drone-ci/runner/dronerunner-rbac.yaml
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: drone
+ name: drone-runner
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - watch
+ - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: drone-runner
+ namespace: drone
+subjects:
+- kind: ServiceAccount
+ name: drone-runner
+ namespace: drone
+roleRef:
+ kind: Role
+ name: drone-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/drone-ci/runner/dronerunner.yaml b/drone-ci/runner/dronerunner.yaml
new file mode 100644
index 0000000..4f77765
--- /dev/null
+++ b/drone-ci/runner/dronerunner.yaml
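Review bot: In drone-ci/runner/dronerunner-rbac.yaml the Role grants `create` on `pods` in namespace `drone`, and a subject that can create pods in a namespace can mount any Secret stored there, so leaving `get` off the `secrets` rule does not keep this service account away from secret contents. The runner manifest in this patch addresses the server as `droneserver.drone`, which suggests `drone-server-secret` (GitHub OAuth client secret, database datasource, RPC secret) lives in that same namespace. Binding this Role in a namespace reserved for pipeline pods would separate build workloads from the server's credentials. A comment above `rules:` would record the constraint, for example `# Pipeline namespace only: pod create implies access to every Secret in this namespace`.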
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-runner
+ labels:
+ app.kubernetes.io/name: drone-runner
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: drone
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: drone
+ spec:
+ serviceAccountName: drone-runner
+ containers:
+ - name: runner
+ image: drone/drone-runner-kube:latest
+ ports:
+ - containerPort: 3000
+ env:
+ - name: DRONE_NAMESPACE_DEFAULT
+ value: drone
+ - name: DRONE_SERVICE_ACCOUNT_DEFAULT
+ value: drone-runner
+ - name: DRONE_RPC_HOST
+ value: droneserver.drone
+ - name: DRONE_RPC_PROTO
+ value: http
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: drone-runner
+ labels:
+ app.kubernetes.io/name: drone-runner
\ No newline at end of file
diff --git a/drone-ci/server/droneserver-ingress.yaml b/drone-ci/server/droneserver-ingress.yaml
new file mode 100644
index 0000000..b6b0b66
--- /dev/null
+++ b/drone-ci/server/droneserver-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: drone-server
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ rules:
+ - host: drone.marceldempers.dev
+ http:
+ paths:
+ - backend:
+ serviceName: droneserver
+ servicePort: 80
+ path: /
\ No newline at end of file
diff --git a/drone-ci/server/droneserver-secret.yaml b/drone-ci/server/droneserver-secret.yaml
new file mode 100644
index 0000000..afaa18f
--- /dev/null
+++ b/drone-ci/server/droneserver-secret.yaml
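Review bot: In drone-ci/runner/dronerunner.yaml `DRONE_SERVICE_ACCOUNT_DEFAULT` is set to `drone-runner`, the same account the Deployment itself uses through `serviceAccountName`, so pipeline pods would presumably run repository-controlled build steps with the runner's Role (create/delete on pods and secrets). A separate ServiceAccount without any RoleBinding for pipeline pods keeps those permissions with the runner only, e.g. `value: drone-pipeline` (constructed name). The image is `drone/drone-runner-kube:latest` while the server manifest pins `drone/drone:1.6.5`; pinning the runner to a release tag or digest, `image: drone/drone-runner-kube:<pinned-version>`, makes what is deployed reproducible and reviewable. `DRONE_RPC_PROTO` is `http`, so runner-to-server traffic crosses the cluster network unencrypted.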
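Review bot: The Ingress in drone-ci/server/droneserver-ingress.yaml has no `spec.tls` entry for `drone.marceldempers.dev`, so unless certificates come from Traefik's own ACME configuration, the HTTPS entry point that the redirect annotations force will serve Traefik's default certificate for the host that carries the OAuth login. Adding `tls:` with `- hosts: [drone.marceldempers.dev]` and `secretName: <tls-secret-name>` binds the host to a specific certificate. Neither this object nor the other server manifests set `metadata.namespace`, while the runner expects the service at `droneserver.drone`; `namespace: drone` under `metadata` would make the placement explicit instead of depending on the apply context. `extensions/v1beta1` is the deprecated Ingress API group, superseded by `networking.k8s.io`.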
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: drone-server-secret
+type: Opaque
+data:
+ DRONE_GITHUB_CLIENT_ID: xxxxxxx
+ DRONE_GITHUB_CLIENT_SECRET: xxxxxxx
+ DRONE_RPC_SECRET: xxxxxxx
+ DRONE_DATABASE_DATASOURCE: xxxxxxx
+ DRONE_USER_CREATE: xxxxxxx
+ DRONE_SERVER_HOST: xxxxxxx
\ No newline at end of file
diff --git a/drone-ci/server/droneserver.yaml b/drone-ci/server/droneserver.yaml
new file mode 100644
index 0000000..2f04358
--- /dev/null
+++ b/drone-ci/server/droneserver.yaml
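Review bot: Values under `data:` in drone-ci/server/droneserver-secret.yaml must be base64-encoded and `xxxxxxx` is not valid base64, so the template cannot be applied as written and the obvious next step is to paste real values into a tracked file. Base64 is an encoding rather than protection, so a filled-in copy in the repository exposes the GitHub OAuth client secret, the RPC secret and the database datasource to everyone with read access. A header comment would state the intent, for example `# Template only: create the real Secret out of band (kubectl create secret generic ...) and never commit filled-in values`. If the file is meant to be edited locally and applied, `stringData:` accepts plain-text values and avoids hand-encoding mistakes.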
@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-server
+ labels:
+ app: drone-server
+ annotations:
+spec:
+ selector:
+ matchLabels:
+ app: drone-server
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: drone-server
+ spec:
+ containers:
+ - name: drone-server
+ image: drone/drone:1.6.5
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ - containerPort: 443
+ env:
+ - name: DRONE_USER_CREATE
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_USER_CREATE
+ - name: DRONE_DATABASE_DRIVER
+ value: postgres
+ - name: DRONE_DATABASE_DATASOURCE
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_DATABASE_DATASOURCE
+ - name: DRONE_SERVER_PROTO
+ value: https
+ - name: DRONE_SERVER_HOST
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_SERVER_HOST
+ - name: DRONE_GITHUB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_GITHUB_CLIENT_ID
+ - name: DRONE_GITHUB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_GITHUB_CLIENT_SECRET
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: droneserver
+ labels:
+ app: drone-server
+spec:
+ type: ClusterIP
+ selector:
+ app: drone-server
+ ports:
+ - protocol: TCP
+ name: http
+ port: 80
+ targetPort: 80
+ - protocol: TCP
+ name: https
+ port: 443
+ targetPort: 443
\ No newline at end of file
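Review bot: The env list in drone-ci/server/droneserver.yaml sets `DRONE_USER_CREATE` but nothing that limits who may sign in, while the Ingress in this patch publishes the server on a public host name. Drone registers any account that completes the GitHub login unless told otherwise, so accounts outside the intended team could activate repositories whose builds then run on this cluster's runner. Restricting registration closes that, by adding `- name: DRONE_USER_FILTER` with `value: <github-org-or-user-list>` to the env list. The container also declares no `securityContext` or `resources`, and the empty `annotations:` key under the Deployment metadata parses as null and can be dropped.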