install drone

This commit is contained in:
Tobias Brunner 2020-02-08 15:50:11 +01:00
parent b9bd872e96
commit 61b77a0ca9
7 changed files with 213 additions and 0 deletions

21
_apps/drone.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: drone
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: drone
server: https://kubernetes.default.svc
project: default
source:
path: drone
repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
targetRevision: HEAD
---
apiVersion: v1
kind: Namespace
metadata:
name: drone

69
drone/drone.yaml Normal file
View File

@ -0,0 +1,69 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: drone
name: drone
namespace: drone
spec:
replicas: 1
selector:
matchLabels:
app: drone
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: drone
spec:
containers:
- env:
- name: DRONE_GITHUB_SERVER
value: https://github.com
- name: DRONE_KUBERNETES_ENABLED
value: "true"
- name: DRONE_KUBERNETES_NAMESPACE
value: drone
- name: DRONE_SERVER_HOST
value: drone.tbrnt.ch
- name: DRONE_SERVER_PROTO
value: https
envFrom:
- secretRef:
name: drone
image: docker.io/drone/drone:1.6.5
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: http
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: drone
ports:
- containerPort: 80
name: http
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data
name: data
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: data
persistentVolumeClaim:
claimName: data

23
drone/ingress.yaml Normal file
View File

@ -0,0 +1,23 @@
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
ingress.kubernetes.io/ssl-redirect: "true"
labels:
app: drone
name: drone
namespace: drone
spec:
rules:
- host: drone.tbrnt.ch
http:
paths:
- backend:
serviceName: drone
servicePort: 80
tls:
- hosts:
- drone.tbrnt.ch
secretName: drone-cert

16
drone/pvc.yaml Normal file
View File

@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
namespace: drone
labels:
app: drone
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: local-path

49
drone/rbac.yaml Normal file
View File

@ -0,0 +1,49 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: drone
labels:
app: drone
rules:
- apiGroups: [""]
resources:
- configmaps
- namespaces
- pods
- secrets
verbs:
- create
- get
- list
- delete
- watch
- apiGroups: [""]
resources:
- pods/log
verbs:
- get
- apiGroups: ["batch"]
resources:
- jobs
verbs:
- create
- get
- list
- watch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: drone
labels:
app: drone
subjects:
- kind: ServiceAccount
name: default
namespace: drone
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: drone

18
drone/secret.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: drone
namespace: drone
spec:
encryptedData:
DRONE_GITHUB_CLIENT_ID: AgAxhNP+pOs5r6iSxYsSKLrlUCO3mAmF/24DL3CjYyAh5ne8SLGA6P9vt14Cz0N8nVT75hgU2CZOqqLbJaogXQMKWEBTXQFM9JA+pBmGVlAdi8ePMnHT4EeaSBDBP83FdugHhjsvtgHxPh3y9GrYmzRaOXRO5JG2Jw7s1EDn99i4PUlh9iJKvEmmefP1RTrvRtNSwdazBFD2AoSaFfzoomk07ryWbiK3lxrXTdxeIQz0jpkbZZzM/gdGL7M3u2xjL9ufZQ7pEPd7Ed4DEphtfs88JtM77LuoE65x5TDdCBVMV1bxjP1kKLQx+DUzjwkNaCr2rAgmrhyjJCPkfhuXdXI1lY6nMvNguC/yzCvYw76m8NmffaF6hyenBQ/lGnkPvuX6P23VN+45Q5qoahOzBiZ+sGtPNrn1PXbxpeoFd/IWsH9LBriYTcgz8Ltd76iShQCgwe0ctnUZIJxbVx4l/3hzpBzTYs8LOO8fV7Tgc9LwKLkGDrzWT1Q/ZslpY5SpG0O6kg0YrytdUD8Qe73Cb65PoDnJb78GiRlq76vX8EyEScMTqMaLsHC/qqh4JTFC/7Hg6LdXuOO7xUxSpD2g0ay8IZ7NOfsvorYMFxBIVsMMniYifSKuYQtseT3QgEiR0QdL3zisp10u/kCgobta6qfSyRmUUB2M0t0fA5Tgrz5aULgm20+lz8PAygBH9BMh2kpaS/ndTh3J5LlUK/410ncUouaa4Q==
DRONE_GITHUB_CLIENT_SECRET: AgCvgiN/lzvk9/j4YIAsJRAHGXfh37GqbAW85YZVwi9r0Qa0wzTyTR2FUZ0PNN2gTHGbKJXi+bSFZvwA0tcWzdGSFV6ky0dAw7HXrhQDgi6FN3Z7oaUIRsozrSvdmx9aWR0sGtc0cWKnphko6Yzk3HXeyP6OjwE2FTCCkz11RFVlUn0vHWf7SAUigaOHIBP2zfP2ZlGzTcUrOF+c7z8vEElePbeWn24ymANcRIPxlTbfxfMXX3gKbvo1Wm3aXXDK915KRKCsV/IlfBPHDJ1x+uYeMCHn//a0pC36J5EqSpJAa6x5X8YwdSBrsDoRbHWeGk/l3/tKdDjHK2Ds4BkbvrkYIJHPeSHzLsOFKwAINRliqGSRp6ZmMX2gjVbuk1vO3XstxJWAD8NpWrC89IiEGghJO3gUiM4JpYd9M4h1WWHVLXuu6GAfC9Wy8i6u/myn2posEAnRnCvy/+3MsuQLyIJoGXxBOBOgkWTwXb+/tLqOyhfPdbbpsqzr8uMWLw+jZxJEDiXrPrzYb58pgZChwIk8JNpMA0df5AGyNkXBALtm4GISyctSSTR5txjwutBOHjdqXimVy7CZq4Y7h5+QPet7nlbkqWUzNlUZSws+/ZBiUBXOiu3DlmNSE1lB8YfRRVm9hzMzhmSSQh0D6/rvT/edpE3LHIEdtJywGOnWLCZh4VvPIPno4HKfWptDpcnW77LHgWhacnlBRRlQYAgTIwVx/2h/OH6sLMiIT4M6mWEtnNd1PK6mwCPz
DRONE_RPC_SECRET: AgDYNo+V/dZVfgIoRxTpybs0Il77pKTys79l/5BH4vplRbMLe4HA701QDUwLJjcIsO67ZyTa3CeWsTykX9vfPelzl6oP+XSww2NmoP1RAzP6jO8ULZ0oORzwqfIJ8upIFVAkBaZerK8bZCBxQqkL7emwT59Tk83JxU5XWILmp1ximQz13KZiGS1m4AMyziu2fWBNnsEC+cRkdwF3h5O5ERGXikK2UsSm9HSw/GmjdW2K90P8nuicn7StuOwnAm8OJXdz4FcNj2DC4I/zrhAsoLM/BZernxgcNk+7kkQ3p+Xsv3hUQJ7yvGnkmQS/FrOaOfXvuCa2+1G1Ju3O7RMeAvPpYQwQVzYrhG2b7ZmWs0i+3EnPk6cZIBsc3N636Q07lrdGCd61fViU2lHFInVyw/7iHJGZH8Ww8yp+UEpOpvOaBApz4enXmDscmbZON1RITjk3l7Lu2zpKsOJPVhw3w4P7NfvMtYGnynf7QeH//KIm0X8DlYmUgcqOZkPefuz4epPuMhLCH8efqm5S9oTg5ddXNFEhSX0XDrgBirPdx3xKl7gWfp1BT8ij8HlDSCZYOj/pcFOPugXUz+YOfAzhJw51Ly0LQFijYK8Vw0x7hmM6d8G95tbGQKjceSYS48FV2YtKnsr95Cl6WovoSwYoMkUqrfQWkiMGYZmfmGlLy1qnPAZU71PPccpLMTRUmO2bnb6y6PkxFW2+hgAqWC3miSonHJ+IOCR3c5UO3Vuyp1VD9w==
template:
metadata:
creationTimestamp: null
name: drone
namespace: drone
status: {}

17
drone/service.yaml Normal file
View File

@ -0,0 +1,17 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app: drone
name: drone
namespace: drone
spec:
ports:
- port: 80
protocol: TCP
targetPort: http
selector:
app: drone
sessionAffinity: None
type: ClusterIP