diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fd79a98..6e002e2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,33 +1,34 @@ -name: Docker Series Builds +# name: Docker Series Builds -on: [push] +# #uncomment to enable push trigger +# #on: [push] -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: docker login - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - run: | - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - - name: docker build csharp - run: | - docker build ./c# -t aimvector/csharp:1.0.0 - - name: docker build nodejs - run: | - docker build ./nodejs -t aimvector/nodejs:1.0.0 - - name: docker build python - run: | - docker build ./python -t aimvector/python:1.0.0 - - name: docker build golang - run: | - docker build ./golang -t aimvector/golang:1.0.0 - - name: docker push - run: | - docker push aimvector/csharp:1.0.0 - docker push aimvector/nodejs:1.0.0 - docker push aimvector/golang:1.0.0 - docker push aimvector/python:1.0.0 +# jobs: +# build: +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v2 +# - name: docker login +# env: +# DOCKER_USER: ${{ secrets.DOCKER_USER }} +# DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} +# run: | +# docker login -u $DOCKER_USER -p $DOCKER_PASSWORD +# - name: docker build csharp +# run: | +# docker build ./c# -t aimvector/csharp:1.0.0 +# - name: docker build nodejs +# run: | +# docker build ./nodejs -t aimvector/nodejs:1.0.0 +# - name: docker build python +# run: | +# docker build ./python -t aimvector/python:1.0.0 +# - name: docker build golang +# run: | +# docker build ./golang -t aimvector/golang:1.0.0 +# - name: docker push +# run: | +# docker push aimvector/csharp:1.0.0 +# docker push aimvector/nodejs:1.0.0 +# docker push aimvector/golang:1.0.0 +# docker push aimvector/python:1.0.0 
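Review bot: Disabling the workflow by commenting out every line leaves `.github/workflows/docker.yml` with no live `on:` or `jobs:` keys, which GitHub may report as an invalid workflow, and it leaves dead configuration to drift. If the build has moved to Drone, deleting the file is cleaner. If it should stay available, keep the YAML live and change only the trigger, e.g. `on: workflow_dispatch`. The nested `# #on: [push]` comment also makes re-enabling a two-step edit that is easy to get wrong.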
diff --git a/drone-ci/drone.yml b/drone-ci/drone.yml
new file mode 100644
index 0000000..162177c
--- /dev/null
+++ b/drone-ci/drone.yml
@@ -0,0 +1,32 @@
+---
+kind: pipeline
+type: kubernetes
+name: default
+
+steps:
+- name: build-push
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run
+ environment:
+ DOCKER_USER:
+ from_secret: DOCKER_USER
+ DOCKER_PASSWORD:
+ from_secret: DOCKER_PASSWORD
+ commands:
+ - sleep 5 ## give docker enough time to start
+ - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
+ - docker build ./golang -t aimvector/golang:1.0.0
+ - docker push aimvector/golang:1.0.0
+
+services:
+- name: docker
+ image: docker:dind
+ privileged: true
+ volumes:
+ - name: dockersock
+ path: /var/run
+volumes:
+- name: dockersock
+ temp: {}
\ No newline at end of file
diff --git a/drone-ci/postgres/postgres.yaml b/drone-ci/postgres/postgres.yaml
new file mode 100644
index 0000000..cd95f5c
--- /dev/null
+++ b/drone-ci/postgres/postgres.yaml
@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgres-config
+ labels:
+ app: postgres
+data:
+ POSTGRES_DB: postgresdb
+ POSTGRES_USER: postgresadmin
+ POSTGRES_PASSWORD: admin123
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: postgres
+spec:
+ serviceName: "postgres"
+ selector:
+ matchLabels:
+ app: postgres
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:10.4
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 5432
+ envFrom:
+ - configMapRef:
+ name: postgres-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+ labels:
+ app: postgres
+spec:
+ selector:
+ app: postgres
+ ports:
+ - protocol: TCP
+ name: http
+ port: 5432
+ targetPort: 5432
\ No newline at end of file
diff --git a/drone-ci/runner/dronerunner-rbac.yaml b/drone-ci/runner/dronerunner-rbac.yaml
new file mode 100644
index 0000000..91d2761
--- /dev/null
+++ b/drone-ci/runner/dronerunner-rbac.yaml
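Review bot: The `docker login -u $DOCKER_USER -p $DOCKER_PASSWORD` command in `drone-ci/drone.yml` puts the registry password on the command line, where it is visible in the step container's process list and can end up in shell traces; feed it on stdin instead: `- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin`. The commented-out workflow in `.github/workflows/docker.yml` carries the same pattern. Separately, the `docker` service runs with `privileged: true` and shares `/var/run` with the build step, so anyone who can edit this pipeline controls a privileged daemon on the node; pinning `docker:dind` to a version or digest and limiting the pipeline to trusted repositories would reduce that exposure. `sleep 5` is a race with daemon start-up, and polling `docker info` until it succeeds is more reliable.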
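Review bot: `POSTGRES_PASSWORD: admin123` in `drone-ci/postgres/postgres.yaml` is committed in a ConfigMap, so the database password is readable by anyone with repository access or read access to ConfigMaps in the namespace, and it is a guessable value. Move the credentials into a Secret created out of band and load it with `- secretRef:` / `name: postgres-secret` (the name is a placeholder) in place of the `configMapRef`. The StatefulSet also declares no `volumeClaimTemplates`, so the Drone database appears to live on the container filesystem and would not survive a pod restart. The Service port is named `http` although it carries PostgreSQL traffic on 5432.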
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: drone
+ name: drone-runner
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - watch
+ - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: drone-runner
+ namespace: drone
+subjects:
+- kind: ServiceAccount
+ name: drone-runner
+ namespace: drone
+roleRef:
+ kind: Role
+ name: drone-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/drone-ci/runner/dronerunner.yaml b/drone-ci/runner/dronerunner.yaml
new file mode 100644
index 0000000..4f77765
--- /dev/null
+++ b/drone-ci/runner/dronerunner.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-runner
+ labels:
+ app.kubernetes.io/name: drone-runner
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: drone
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: drone
+ spec:
+ serviceAccountName: drone-runner
+ containers:
+ - name: runner
+ image: drone/drone-runner-kube:latest
+ ports:
+ - containerPort: 3000
+ env:
+ - name: DRONE_NAMESPACE_DEFAULT
+ value: drone
+ - name: DRONE_SERVICE_ACCOUNT_DEFAULT
+ value: drone-runner
+ - name: DRONE_RPC_HOST
+ value: droneserver.drone
+ - name: DRONE_RPC_PROTO
+ value: http
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: drone-runner
+ labels:
+ app.kubernetes.io/name: drone-runner
\ No newline at end of file
diff --git a/drone-ci/server/droneserver-deployment.yaml b/drone-ci/server/droneserver-deployment.yaml
new file mode 100644
index 0000000..d845da0
--- /dev/null
+++ b/drone-ci/server/droneserver-deployment.yaml
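Review bot: The Role in `dronerunner-rbac.yaml` lets the runner create pods and delete secrets in the `drone` namespace, and the other manifests in this commit set no namespace, so they presumably land in the same one as `drone-server-secret` and the Postgres credentials. Create rights on pods in a namespace amount to read access to every Secret there, because a pod spec can reference them. Consider running pipelines in a dedicated namespace, with its own Role/RoleBinding and `DRONE_NAMESPACE_DEFAULT` pointing at it, so build pods never share a namespace with the server's credentials. The ServiceAccount in `dronerunner.yaml` also omits `namespace: drone`, so the RoleBinding subject only matches if that file is applied into the `drone` namespace.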
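Review bot: `DRONE_SERVICE_ACCOUNT_DEFAULT` in `dronerunner.yaml` is set to `drone-runner`, the same ServiceAccount the runner Deployment uses, so pipeline pods presumably start with the runner's RBAC token mounted and build steps could call the API with it. Give pipeline pods a separate ServiceAccount with no RoleBinding, e.g. `value: drone-pipeline` (the name is a placeholder). `image: drone/drone-runner-kube:latest` is a mutable tag; pin a released version or digest so a restart cannot silently pull different code. `DRONE_RPC_PROTO` is `http`, so runner-to-server traffic is unencrypted inside the cluster, which is acceptable only if the cluster network is trusted.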
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-server
+ labels:
+ app: drone-server
+ annotations:
+spec:
+ selector:
+ matchLabels:
+ app: drone-server
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: drone-server
+ spec:
+ containers:
+ - name: drone-server
+ image: drone/drone:1.6.5
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ - containerPort: 443
+ env:
+ - name: DRONE_USER_CREATE
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_USER_CREATE
+ - name: DRONE_DATABASE_DRIVER
+ value: postgres
+ - name: DRONE_DATABASE_DATASOURCE
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_DATABASE_DATASOURCE
+ - name: DRONE_SERVER_PROTO
+ value: https
+ - name: DRONE_SERVER_HOST
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_SERVER_HOST
+ - name: DRONE_GITHUB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_GITHUB_CLIENT_ID
+ - name: DRONE_GITHUB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_GITHUB_CLIENT_SECRET
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_RPC_SECRET
diff --git a/drone-ci/server/droneserver-ingress.yaml b/drone-ci/server/droneserver-ingress.yaml
new file mode 100644
index 0000000..b6b0b66
--- /dev/null
+++ b/drone-ci/server/droneserver-ingress.yaml
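Review bot: The `drone-server` container has no `readinessProbe`, so with `maxSurge: 1` / `maxUnavailable: 0` the rollout counts the new pod as available as soon as the process starts, before it has connected to Postgres or can serve requests. Adding an HTTP readiness probe on port 80, `resources` requests/limits and a `securityContext` (for example `allowPrivilegeEscalation: false`) would make the deployment safer to roll. The empty `annotations:` key under `metadata` parses as null and can be dropped. `DRONE_SERVER_PROTO` is `https` while the Service and Ingress route to port 80, which works only if TLS is terminated at the ingress; a short comment saying so would help.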
@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: drone-server
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ rules:
+ - host: drone.marceldempers.dev
+ http:
+ paths:
+ - backend:
+ serviceName: droneserver
+ servicePort: 80
+ path: /
\ No newline at end of file
diff --git a/drone-ci/server/droneserver-secret.yaml b/drone-ci/server/droneserver-secret.yaml
new file mode 100644
index 0000000..6c0a9a9
--- /dev/null
+++ b/drone-ci/server/droneserver-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: drone-server-secret
+type: Opaque
+data:
+ DRONE_GITHUB_CLIENT_ID: xxxxxxx #Get this from GitHub OAUTH
+ DRONE_GITHUB_CLIENT_SECRET: xxxxxxx #Get this from GitHub OAUTH
+ DRONE_RPC_SECRET: xxxxxxx #openssl rand -hex 16
+ DRONE_DATABASE_DATASOURCE: xxxxxxx #postgres://postgresadmin:admin123@postgres:5432/postgresdb?sslmode=disable
+ DRONE_USER_CREATE: xxxxxxx #username:marcel-dempers,admin:true
+ DRONE_SERVER_HOST: xxxxxxx #drone.marceldempers.dev
\ No newline at end of file
diff --git a/drone-ci/server/droneserver-service.yaml b/drone-ci/server/droneserver-service.yaml
new file mode 100644
index 0000000..b6a7c74
--- /dev/null
+++ b/drone-ci/server/droneserver-service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: droneserver
+ labels:
+ app: drone-server
+spec:
+ type: ClusterIP
+ selector:
+ app: drone-server
+ ports:
+ - protocol: TCP
+ name: http
+ port: 80
+ targetPort: 80
+ - protocol: TCP
+ name: https
+ port: 443
+ targetPort: 443
\ No newline at end of file
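Review bot: `apiVersion: extensions/v1beta1` for the Ingress in `droneserver-ingress.yaml` is deprecated and was removed in Kubernetes 1.22, so this manifest will not apply on current clusters. `networking.k8s.io/v1` needs a `pathType` on the path and the backend written as `service.name` / `service.port.number`. The spec also has no `tls:` block, so the HTTPS redirect set in the annotations presumably ends on Traefik's default certificate unless one is configured elsewhere. Add `tls:` with the host and a certificate Secret, or a comment saying where the certificate comes from.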
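Review bot: The inline comments in `droneserver-secret.yaml` document real values next to the masked placeholders, including the datasource `postgres://postgresadmin:admin123@postgres:5432/postgresdb?sslmode=disable`, so the database password is in the repository even though the field itself is masked. The comments should describe the format only, e.g. `#postgres://USER:PASSWORD@HOST:5432/DB`. `sslmode=disable` also means the server-to-database connection is unencrypted. Values under `data:` must be base64 and `xxxxxxx` is not, so the template fails to apply as written; `stringData:` accepts plain placeholders. Keep the filled-in file out of version control, or create the Secret with `kubectl create secret generic`.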