From 9cbd2107045bef40473404d178495da2f1298eb2 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Wed, 13 May 2020 11:46:17 +1000
Subject: [PATCH 01/11] test drone.yml
---
drone-ci/drone.yml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 drone-ci/drone.yml
diff --git a/drone-ci/drone.yml b/drone-ci/drone.yml
new file mode 100644
index 0000000..ec56e31
--- /dev/null
+++ b/drone-ci/drone.yml
@@ -0,0 +1,16 @@
+kind: pipeline
+name: default
+
+steps:
+- name: test
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ commands:
+ - docker ps -a
+
+volumes:
+- name: dockersock
+ host:
+ path: /var/run/docker.sock
\ No newline at end of file
From 4ae1661ece39173467730215604f9311c3b1b6ca Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Wed, 13 May 2020 17:27:37 +1000
Subject: [PATCH 02/11] test postgres server
---
drone-ci/postgres/postgres.yaml | 49 +++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 drone-ci/postgres/postgres.yaml
diff --git a/drone-ci/postgres/postgres.yaml b/drone-ci/postgres/postgres.yaml
new file mode 100644
index 0000000..6a3392c
--- /dev/null
+++ b/drone-ci/postgres/postgres.yaml
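Review bot: The pipeline-level `volumes` entry maps the node's `/var/run/docker.sock` into the `test` step through `host.path`, so every command in that step talks to the node's own Docker daemon, which is root-equivalent access to that node. Drone only honours host volumes for repositories marked trusted, so a comment above the volume stating that requirement and the reason for the mount would help whoever reuses this file. `image: docker:dind` is a floating tag; pin a version or digest so the step image cannot change under the pipeline. The same floating-tag point applies to the `docker:dind` service added in patch 03 and to `drone/drone-runner-kube:latest` in runner/dronerunner.yaml.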
@@ -0,0 +1,49 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgres-config + labels: + app: postgres +data: + POSTGRES_DB: postgresdb + POSTGRES_USER: postgresadmin + POSTGRES_PASSWORD: admin123 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres +spec: + selector: + matchLabels: + app: postgres + replicas: 1 + template: + metadata: + labels: + app: postgres + spec: + containers: + - name: postgres + image: postgres:10.4 + imagePullPolicy: "IfNotPresent" + ports: + - containerPort: 5432 + envFrom: + - configMapRef: + name: postgres-config +--- +apiVersion: v1 +kind: Service +metadata: + name: postgres + labels: + app: postgres +spec: + selector: + app: postgres + ports: + - protocol: TCP + name: http + port: 5432 + targetPort: 5432 \ No newline at end of file From cc780b2df3250db4199c872eb2c72abf931b04f2 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Wed, 13 May 2020 17:35:17 +1000 Subject: [PATCH 03/11] test pipeline --- drone-ci/drone.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drone-ci/drone.yml b/drone-ci/drone.yml index ec56e31..c072689 100644 --- a/drone-ci/drone.yml +++ b/drone-ci/drone.yml @@ -1,4 +1,6 @@ +--- kind: pipeline +type: kubernetes name: default steps: @@ -6,11 +8,19 @@ steps: image: docker:dind volumes: - name: dockersock - path: /var/run/docker.sock + path: /var/run commands: + - sleep 5 # give docker enough time to start - docker ps -a +services: +- name: docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run + volumes: - name: dockersock - host: - path: /var/run/docker.sock \ No newline at end of file + temp: {} \ No newline at end of file From d11a11754f16bb61a1e791cb03423cf10367a9f9 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Wed, 13 May 2020 17:59:30 +1000 Subject: [PATCH 04/11] try a go build --- drone-ci/drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
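Review bot: `POSTGRES_PASSWORD: admin123` is stored in a ConfigMap, which is readable by anything with `get configmaps` in the namespace and is now in git history in clear text. Move the user and password into a `Secret` and load it with `secretRef` under `envFrom`, leaving only `POSTGRES_DB` in the ConfigMap, and treat `admin123` as no longer usable. The pod template also mounts no volume for the data directory, so the database contents are lost with the pod. The Service port for 5432 is named `http`, which is misleading; `postgres` would describe it.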
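Review bot: The new `docker` service runs `docker:dind` with `privileged: true`, and with `type: kubernetes` that is a privileged container on a cluster node, so anyone able to change this file in a repository allowed to run it effectively gets node-level access. Drone accepts privileged services only for trusted repositories; say so in a comment next to the flag and keep the trusted setting limited to repositories whose contributors you trust. `sleep 5` is a guess at daemon start-up time; polling is more reliable, e.g. `- while ! docker info >/dev/null 2>&1; do sleep 1; done`. The temp volume is now mounted at `/var/run` in both containers, which shares the whole directory rather than only the socket.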
diff --git a/drone-ci/drone.yml b/drone-ci/drone.yml index c072689..79035cd 100644 --- a/drone-ci/drone.yml +++ b/drone-ci/drone.yml @@ -11,7 +11,7 @@ steps: path: /var/run commands: - sleep 5 # give docker enough time to start - - docker ps -a + - docker build ./golang -t aimvector/golang:1.0.0 services: - name: docker From 9d008aa662bef24988d623fb0552e43c33080033 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Wed, 13 May 2020 18:05:06 +1000 Subject: [PATCH 05/11] consume secrets for docker registry --- drone-ci/drone.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drone-ci/drone.yml b/drone-ci/drone.yml index 79035cd..41df286 100644 --- a/drone-ci/drone.yml +++ b/drone-ci/drone.yml @@ -4,14 +4,21 @@ type: kubernetes name: default steps: -- name: test +- name: build-push image: docker:dind volumes: - name: dockersock path: /var/run + environment: + DOCKER_USER: + from_secret: DOCKER_USER + DOCKER_PASSWORD: + from_secret: DOCKER_PASSWORD commands: - sleep 5 # give docker enough time to start + - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - docker build ./golang -t aimvector/golang:1.0.0 + - docker push aimvector/golang:1.0.0 services: - name: docker @@ -20,7 +27,6 @@ services: volumes: - name: dockersock path: /var/run - volumes: - name: dockersock temp: {} \ No newline at end of file From 40277221824d1f3a0136bc6b284b969100d8dd43 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Wed, 13 May 2020 18:33:07 +1000 Subject: [PATCH 06/11] convert to statefulset --- drone-ci/postgres/postgres.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drone-ci/postgres/postgres.yaml b/drone-ci/postgres/postgres.yaml index 6a3392c..cd95f5c 100644 --- a/drone-ci/postgres/postgres.yaml +++ b/drone-ci/postgres/postgres.yaml 
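Review bot: `docker login -u $DOCKER_USER -p $DOCKER_PASSWORD` puts the registry password on the command line, where it is visible in the process list of the step container and triggers Docker's own warning about `-p`. Pass it on stdin instead: `- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin`. Quoting both variables also prevents word splitting when the password contains spaces or shell metacharacters. The pushed tag `aimvector/golang:1.0.0` is fixed, so every run overwrites the same tag; a tag derived from the build number or commit would keep images traceable.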
@@ -10,10 +10,11 @@ data: POSTGRES_PASSWORD: admin123 --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: postgres spec: + serviceName: "postgres" selector: matchLabels: app: postgres From 96827d354396e744cfb68e5bcc8d58241ad586bf Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Wed, 13 May 2020 18:41:12 +1000 Subject: [PATCH 07/11] disable github action trigger --- .github/workflows/docker.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index fd79a98..1973fc7 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,6 +1,7 @@ name: Docker Series Builds -on: [push] +#uncomment to enable push trigger +#on: [push] jobs: build: From 7a756c20a962c46567fb5eabcbf4aa15d17bbee7 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Wed, 13 May 2020 18:51:10 +1000 Subject: [PATCH 08/11] drone stuff --- drone-ci/runner/dronerunner-rbac.yaml | 40 +++++++++++ drone-ci/runner/dronerunner.yaml | 43 ++++++++++++ drone-ci/server/droneserver-ingress.yaml | 18 +++++ drone-ci/server/droneserver-secret.yaml | 12 ++++ drone-ci/server/droneserver.yaml | 84 ++++++++++++++++++++++++ 5 files changed, 197 insertions(+) create mode 100644 drone-ci/runner/dronerunner-rbac.yaml create mode 100644 drone-ci/runner/dronerunner.yaml create mode 100644 drone-ci/server/droneserver-ingress.yaml create mode 100644 drone-ci/server/droneserver-secret.yaml create mode 100644 drone-ci/server/droneserver.yaml diff --git a/drone-ci/runner/dronerunner-rbac.yaml b/drone-ci/runner/dronerunner-rbac.yaml new file mode 100644 index 0000000..91d2761 --- /dev/null +++ b/drone-ci/runner/dronerunner-rbac.yaml 
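Review bot: The switch to `kind: StatefulSet` adds `serviceName: "postgres"` but no `volumeClaimTemplates`, and the spec introduced in the earlier patch mounts no volume, so the pod would presumably still lose its data on reschedule. `serviceName` is meant to reference a headless Service (`clusterIP: None`), while the `postgres` Service created earlier is a regular ClusterIP one. The context line `POSTGRES_PASSWORD: admin123` shows the credential is still in the ConfigMap. The spec continues past the end of this hunk.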
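Review bot: Commenting out `on: [push]` leaves the workflow without an `on` key, and GitHub treats such a file as an invalid workflow rather than a disabled one. To stop automatic builds while keeping the file valid, use `on: workflow_dispatch`, or disable the workflow in the repository's Actions settings. The comment would read better as `# uncomment to enable the push trigger`, with a space after `#`.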
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: drone
+ name: drone-runner
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - watch
+ - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: drone-runner
+ namespace: drone
+subjects:
+- kind: ServiceAccount
+ name: drone-runner
+ namespace: drone
+roleRef:
+ kind: Role
+ name: drone-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/drone-ci/runner/dronerunner.yaml b/drone-ci/runner/dronerunner.yaml
new file mode 100644
index 0000000..4f77765
--- /dev/null
+++ b/drone-ci/runner/dronerunner.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-runner
+ labels:
+ app.kubernetes.io/name: drone-runner
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: drone
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: drone
+ spec:
+ serviceAccountName: drone-runner
+ containers:
+ - name: runner
+ image: drone/drone-runner-kube:latest
+ ports:
+ - containerPort: 3000
+ env:
+ - name: DRONE_NAMESPACE_DEFAULT
+ value: drone
+ - name: DRONE_SERVICE_ACCOUNT_DEFAULT
+ value: drone-runner
+ - name: DRONE_RPC_HOST
+ value: droneserver.drone
+ - name: DRONE_RPC_PROTO
+ value: http
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: drone-runner
+ labels:
+ app.kubernetes.io/name: drone-runner
\ No newline at end of file
diff --git a/drone-ci/server/droneserver-ingress.yaml b/drone-ci/server/droneserver-ingress.yaml
new file mode 100644
index 0000000..b6b0b66
--- /dev/null
+++ b/drone-ci/server/droneserver-ingress.yaml
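Review bot: The RoleBinding's subject is the ServiceAccount `drone-runner` in namespace `drone`, but the ServiceAccount and Deployment in runner/dronerunner.yaml carry no `namespace`, so if they are applied without `-n drone` the binding points at an account that does not exist there. Add `namespace: drone` to those manifests, or put the intended apply command in a header comment. The Role itself is namespaced and limited to secrets create/delete and pod lifecycle verbs, which is reasonably narrow. Keep in mind that `create` on pods in a namespace lets the holder start pods that mount any Secret in that namespace, so it should not be shared with unrelated workloads.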
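Review bot: `DRONE_RPC_PROTO` is `http`, so runner-to-server traffic to `droneserver.drone`, authenticated with `DRONE_RPC_SECRET`, crosses the cluster network unencrypted; that is acceptable only if that network is trusted, and a comment should say so. `DRONE_NAMESPACE_DEFAULT: drone` appears to place pipeline pods, including the privileged dind service from drone.yml, in the same namespace as `drone-server-secret`; a dedicated namespace for pipeline pods would separate build workloads from the server's credentials. The container sets no `resources` or `securityContext`. The Deployment's own label `drone-runner` differs from the selector and template label `drone`, which works but is confusing.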
@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: drone-server
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+ traefik.ingress.kubernetes.io/redirect-entry-point: https
+ traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+ rules:
+ - host: drone.marceldempers.dev
+ http:
+ paths:
+ - backend:
+ serviceName: droneserver
+ servicePort: 80
+ path: /
\ No newline at end of file
diff --git a/drone-ci/server/droneserver-secret.yaml b/drone-ci/server/droneserver-secret.yaml
new file mode 100644
index 0000000..afaa18f
--- /dev/null
+++ b/drone-ci/server/droneserver-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: drone-server-secret
+type: Opaque
+data:
+ DRONE_GITHUB_CLIENT_ID: xxxxxxx
+ DRONE_GITHUB_CLIENT_SECRET: xxxxxxx
+ DRONE_RPC_SECRET: xxxxxxx
+ DRONE_DATABASE_DATASOURCE: xxxxxxx
+ DRONE_USER_CREATE: xxxxxxx
+ DRONE_SERVER_HOST: xxxxxxx
\ No newline at end of file
diff --git a/drone-ci/server/droneserver.yaml b/drone-ci/server/droneserver.yaml
new file mode 100644
index 0000000..2f04358
--- /dev/null
+++ b/drone-ci/server/droneserver.yaml
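Review bot: The Ingress redirects to the `https` entry point but has no `tls:` section under `spec`, so which certificate is served for `drone.marceldempers.dev` depends entirely on Traefik's defaults. Since this host carries the GitHub OAuth login, make it explicit with a `tls` block naming the host and its certificate secret. `extensions/v1beta1` is the deprecated Ingress API group and newer clusters no longer serve it; use the `networking.k8s.io` group the target cluster supports. The backend targets `servicePort: 80`, so traffic between Traefik and the server is plain HTTP inside the cluster.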
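Review bot: Values under `data:` in a Secret must be base64-encoded, and `xxxxxxx` is not valid base64, so this template fails to apply as written and invites pasting raw values into `data`. Use `stringData:` for a template with plaintext placeholders, and add a header comment saying the filled-in file must not be committed. `DRONE_SERVER_HOST` and `DRONE_USER_CREATE` are not sensitive and could be plain `value:` entries in the Deployment, which keeps the Secret limited to real credentials.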
@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone-server
+ labels:
+ app: drone-server
+ annotations:
+spec:
+ selector:
+ matchLabels:
+ app: drone-server
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ app: drone-server
+ spec:
+ containers:
+ - name: drone-server
+ image: drone/drone:1.6.5
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ - containerPort: 443
+ env:
+ - name: DRONE_USER_CREATE
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_USER_CREATE
+ - name: DRONE_DATABASE_DRIVER
+ value: postgres
+ - name: DRONE_DATABASE_DATASOURCE
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_DATABASE_DATASOURCE
+ - name: DRONE_SERVER_PROTO
+ value: https
+ - name: DRONE_SERVER_HOST
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_SERVER_HOST
+ - name: DRONE_GITHUB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_GITHUB_CLIENT_ID
+ - name: DRONE_GITHUB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_GITHUB_CLIENT_SECRET
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-server-secret
+ key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: droneserver
+ labels:
+ app: drone-server
+spec:
+ type: ClusterIP
+ selector:
+ app: drone-server
+ ports:
+ - protocol: TCP
+ name: http
+ port: 80
+ targetPort: 80
+ - protocol: TCP
+ name: https
+ port: 443
+ targetPort: 443
\ No newline at end of file
From b811a5723a435bda47cb77d9849ebcef2f5fcf70 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Sat, 16 May 2020 12:02:40 +1000
Subject: [PATCH 09/11] test a change
---
drone-ci/drone.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drone-ci/drone.yml b/drone-ci/drone.yml
index 41df286..162177c 100644
--- a/drone-ci/drone.yml
+++ b/drone-ci/drone.yml
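Review bot: The container and the Service both expose 443 and `DRONE_SERVER_PROTO` is `https`, but nothing in this manifest gives the server a certificate, so TLS is presumably terminated at the Ingress and the 443 entries are dead configuration. Drop them, or add a comment such as `# TLS terminates at the ingress; the pod serves plain HTTP on 80`. `annotations:` is left empty and parses as null; remove the key. The pod sets no `securityContext`, `resources` or readiness probe, and with `maxUnavailable: 0` a rolling update only protects availability if readiness is actually checked.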
@@ -15,7 +15,7 @@ steps: DOCKER_PASSWORD: from_secret: DOCKER_PASSWORD commands: - - sleep 5 # give docker enough time to start + - sleep 5 ## give docker enough time to start - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - docker build ./golang -t aimvector/golang:1.0.0 - docker push aimvector/golang:1.0.0 From 151375082e81a91e417aaeb43026194966bc72f8 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Sat, 16 May 2020 12:22:43 +1000 Subject: [PATCH 10/11] drone files --- ...erver.yaml => droneserver-deployment.yaml} | 20 ------------------- drone-ci/server/droneserver-secret.yaml | 12 +++++------ drone-ci/server/droneserver-service.yaml | 19 ++++++++++++++++++ 3 files changed, 25 insertions(+), 26 deletions(-) rename drone-ci/server/{droneserver.yaml => droneserver-deployment.yaml} (84%) create mode 100644 drone-ci/server/droneserver-service.yaml diff --git a/drone-ci/server/droneserver.yaml b/drone-ci/server/droneserver-deployment.yaml similarity index 84% rename from drone-ci/server/droneserver.yaml rename to drone-ci/server/droneserver-deployment.yaml index 2f04358..d845da0 100644 --- a/drone-ci/server/droneserver.yaml +++ b/drone-ci/server/droneserver-deployment.yaml @@ -62,23 +62,3 @@ spec: secretKeyRef: name: drone-server-secret key: DRONE_RPC_SECRET ---- -apiVersion: v1 -kind: Service -metadata: - name: droneserver - labels: - app: drone-server -spec: - type: ClusterIP - selector: - app: drone-server - ports: - - protocol: TCP - name: http - port: 80 - targetPort: 80 - - protocol: TCP - name: https - port: 443 - targetPort: 443 \ No newline at end of file diff --git a/drone-ci/server/droneserver-secret.yaml b/drone-ci/server/droneserver-secret.yaml index afaa18f..6c0a9a9 100644 --- a/drone-ci/server/droneserver-secret.yaml +++ b/drone-ci/server/droneserver-secret.yaml 
@@ -4,9 +4,9 @@ metadata: name: drone-server-secret type: Opaque data: - DRONE_GITHUB_CLIENT_ID: xxxxxxx - DRONE_GITHUB_CLIENT_SECRET: xxxxxxx - DRONE_RPC_SECRET: xxxxxxx - DRONE_DATABASE_DATASOURCE: xxxxxxx - DRONE_USER_CREATE: xxxxxxx - DRONE_SERVER_HOST: xxxxxxx \ No newline at end of file + DRONE_GITHUB_CLIENT_ID: xxxxxxx #Get this from GitHub OAUTH + DRONE_GITHUB_CLIENT_SECRET: xxxxxxx #Get this from GitHub OAUTH + DRONE_RPC_SECRET: xxxxxxx #openssl rand -hex 16 + DRONE_DATABASE_DATASOURCE: xxxxxxx #postgres://postgresadmin:admin123@postgres:5432/postgresdb?sslmode=disable + DRONE_USER_CREATE: xxxxxxx #username:marcel-dempers,admin:true + DRONE_SERVER_HOST: xxxxxxx #drone.marceldempers.dev \ No newline at end of file diff --git a/drone-ci/server/droneserver-service.yaml b/drone-ci/server/droneserver-service.yaml new file mode 100644 index 0000000..b6a7c74 --- /dev/null +++ b/drone-ci/server/droneserver-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: droneserver + labels: + app: drone-server +spec: + type: ClusterIP + selector: + app: drone-server + ports: + - protocol: TCP + name: http + port: 80 + targetPort: 80 + - protocol: TCP + name: https + port: 443 + targetPort: 443 \ No newline at end of file From 4a718795217f47a9073a03dc4c7aafd5e5c33794 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Sat, 16 May 2020 12:23:05 +1000 Subject: [PATCH 11/11] disable actions --- .github/workflows/docker.yml | 64 ++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 1973fc7..6e002e2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
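Review bot: The comment added on `DRONE_DATABASE_DATASOURCE` spells out a complete connection string with `postgresadmin:admin123`, the same credentials as the ConfigMap in postgres/postgres.yaml, so the database password now sits in a second committed file, and `sslmode=disable` means the connection is unencrypted. Replace the example with an obviously fake shape such as `#postgres://<user>:<password>@postgres:5432/<db>` and note when disabling TLS is acceptable. The comments also imply plaintext values go under `data:`, which requires base64; `stringData:` would match what the comments describe.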
@@ -1,34 +1,34 @@ -name: Docker Series Builds +# name: Docker Series Builds -#uncomment to enable push trigger -#on: [push] +# #uncomment to enable push trigger +# #on: [push] -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: docker login - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - run: | - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - - name: docker build csharp - run: | - docker build ./c# -t aimvector/csharp:1.0.0 - - name: docker build nodejs - run: | - docker build ./nodejs -t aimvector/nodejs:1.0.0 - - name: docker build python - run: | - docker build ./python -t aimvector/python:1.0.0 - - name: docker build golang - run: | - docker build ./golang -t aimvector/golang:1.0.0 - - name: docker push - run: | - docker push aimvector/csharp:1.0.0 - docker push aimvector/nodejs:1.0.0 - docker push aimvector/golang:1.0.0 - docker push aimvector/python:1.0.0 +# jobs: +# build: +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v2 +# - name: docker login +# env: +# DOCKER_USER: ${{ secrets.DOCKER_USER }} +# DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} +# run: | +# docker login -u $DOCKER_USER -p $DOCKER_PASSWORD +# - name: docker build csharp +# run: | +# docker build ./c# -t aimvector/csharp:1.0.0 +# - name: docker build nodejs +# run: | +# docker build ./nodejs -t aimvector/nodejs:1.0.0 +# - name: docker build python +# run: | +# docker build ./python -t aimvector/python:1.0.0 +# - name: docker build golang +# run: | +# docker build ./golang -t aimvector/golang:1.0.0 +# - name: docker push +# run: | +# docker push aimvector/csharp:1.0.0 +# docker push aimvector/nodejs:1.0.0 +# docker push aimvector/golang:1.0.0 +# docker push aimvector/python:1.0.0