From 61b77a0ca9bd23a8c1e943d2fb320a9c7ca0b858 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Sat, 8 Feb 2020 15:50:11 +0100 Subject: [PATCH] install drone --- _apps/drone.yaml | 21 ++++++++++++++ drone/drone.yaml | 69 ++++++++++++++++++++++++++++++++++++++++++++++ drone/ingress.yaml | 23 ++++++++++++++++ drone/pvc.yaml | 16 +++++++++++ drone/rbac.yaml | 49 ++++++++++++++++++++++++++++++++ drone/secret.yaml | 18 ++++++++++++ drone/service.yaml | 17 ++++++++++++ 7 files changed, 213 insertions(+) create mode 100644 _apps/drone.yaml create mode 100644 drone/drone.yaml create mode 100644 drone/ingress.yaml create mode 100644 drone/pvc.yaml create mode 100644 drone/rbac.yaml create mode 100644 drone/secret.yaml create mode 100644 drone/service.yaml diff --git a/_apps/drone.yaml b/_apps/drone.yaml new file mode 100644 index 0000000..8e83b43 --- /dev/null +++ b/_apps/drone.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: drone + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: drone + server: https://kubernetes.default.svc + project: default + source: + path: drone + repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git + targetRevision: HEAD +--- +apiVersion: v1 +kind: Namespace +metadata: + name: drone diff --git a/drone/drone.yaml b/drone/drone.yaml new file mode 100644 index 0000000..4dfb700 --- /dev/null +++ b/drone/drone.yaml @@ -0,0 +1,69 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: drone + name: drone + namespace: drone +spec: + replicas: 1 + selector: + matchLabels: + app: drone + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: drone + spec: + containers: + - env: + - name: DRONE_GITHUB_SERVER + value: https://github.com + - name: DRONE_KUBERNETES_ENABLED + value: "true" + - name: DRONE_KUBERNETES_NAMESPACE + value: drone + - name: DRONE_SERVER_HOST + value: drone.tbrnt.ch + - name: DRONE_SERVER_PROTO + value: https + envFrom: + - secretRef: + name: drone + image: docker.io/drone/drone:1.6.5 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: http + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: drone + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data + name: data + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - name: data + persistentVolumeClaim: + claimName: data diff --git a/drone/ingress.yaml b/drone/ingress.yaml new file mode 100644 index 0000000..db2af30 --- /dev/null +++ b/drone/ingress.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + ingress.kubernetes.io/ssl-redirect: "true" + labels: + app: drone + name: drone + namespace: drone +spec: + rules: + - host: drone.tbrnt.ch + http: + paths: + - backend: + serviceName: drone + servicePort: 80 + tls: + - hosts: + - drone.tbrnt.ch + secretName: drone-cert diff --git a/drone/pvc.yaml b/drone/pvc.yaml new file mode 100644 index 0000000..cad2a65 --- /dev/null +++ b/drone/pvc.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: data + namespace: drone + labels: + app: drone +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi + storageClassName: local-path diff --git a/drone/rbac.yaml b/drone/rbac.yaml new file mode 100644 index 0000000..84fab9a --- /dev/null +++ b/drone/rbac.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: drone + labels: + app: drone +rules: +- apiGroups: [""] + resources: + - configmaps + - namespaces + - pods + - secrets + verbs: + - create + - get + - list + - delete + - watch +- apiGroups: [""] + resources: + - pods/log + verbs: + - get +- apiGroups: ["batch"] + resources: + - jobs + verbs: + - create + - get + - list + - watch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: drone + labels: + app: drone +subjects: +- kind: ServiceAccount + name: default + namespace: drone +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: drone diff --git a/drone/secret.yaml b/drone/secret.yaml new file mode 100644 index 0000000..5448f97 --- /dev/null +++ b/drone/secret.yaml @@ -0,0 +1,18 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: drone + namespace: drone +spec: + encryptedData: + DRONE_GITHUB_CLIENT_ID: AgAxhNP+pOs5r6iSxYsSKLrlUCO3mAmF/24DL3CjYyAh5ne8SLGA6P9vt14Cz0N8nVT75hgU2CZOqqLbJaogXQMKWEBTXQFM9JA+pBmGVlAdi8ePMnHT4EeaSBDBP83FdugHhjsvtgHxPh3y9GrYmzRaOXRO5JG2Jw7s1EDn99i4PUlh9iJKvEmmefP1RTrvRtNSwdazBFD2AoSaFfzoomk07ryWbiK3lxrXTdxeIQz0jpkbZZzM/gdGL7M3u2xjL9ufZQ7pEPd7Ed4DEphtfs88JtM77LuoE65x5TDdCBVMV1bxjP1kKLQx+DUzjwkNaCr2rAgmrhyjJCPkfhuXdXI1lY6nMvNguC/yzCvYw76m8NmffaF6hyenBQ/lGnkPvuX6P23VN+45Q5qoahOzBiZ+sGtPNrn1PXbxpeoFd/IWsH9LBriYTcgz8Ltd76iShQCgwe0ctnUZIJxbVx4l/3hzpBzTYs8LOO8fV7Tgc9LwKLkGDrzWT1Q/ZslpY5SpG0O6kg0YrytdUD8Qe73Cb65PoDnJb78GiRlq76vX8EyEScMTqMaLsHC/qqh4JTFC/7Hg6LdXuOO7xUxSpD2g0ay8IZ7NOfsvorYMFxBIVsMMniYifSKuYQtseT3QgEiR0QdL3zisp10u/kCgobta6qfSyRmUUB2M0t0fA5Tgrz5aULgm20+lz8PAygBH9BMh2kpaS/ndTh3J5LlUK/410ncUouaa4Q== + DRONE_GITHUB_CLIENT_SECRET: AgCvgiN/lzvk9/j4YIAsJRAHGXfh37GqbAW85YZVwi9r0Qa0wzTyTR2FUZ0PNN2gTHGbKJXi+bSFZvwA0tcWzdGSFV6ky0dAw7HXrhQDgi6FN3Z7oaUIRsozrSvdmx9aWR0sGtc0cWKnphko6Yzk3HXeyP6OjwE2FTCCkz11RFVlUn0vHWf7SAUigaOHIBP2zfP2ZlGzTcUrOF+c7z8vEElePbeWn24ymANcRIPxlTbfxfMXX3gKbvo1Wm3aXXDK915KRKCsV/IlfBPHDJ1x+uYeMCHn//a0pC36J5EqSpJAa6x5X8YwdSBrsDoRbHWeGk/l3/tKdDjHK2Ds4BkbvrkYIJHPeSHzLsOFKwAINRliqGSRp6ZmMX2gjVbuk1vO3XstxJWAD8NpWrC89IiEGghJO3gUiM4JpYd9M4h1WWHVLXuu6GAfC9Wy8i6u/myn2posEAnRnCvy/+3MsuQLyIJoGXxBOBOgkWTwXb+/tLqOyhfPdbbpsqzr8uMWLw+jZxJEDiXrPrzYb58pgZChwIk8JNpMA0df5AGyNkXBALtm4GISyctSSTR5txjwutBOHjdqXimVy7CZq4Y7h5+QPet7nlbkqWUzNlUZSws+/ZBiUBXOiu3DlmNSE1lB8YfRRVm9hzMzhmSSQh0D6/rvT/edpE3LHIEdtJywGOnWLCZh4VvPIPno4HKfWptDpcnW77LHgWhacnlBRRlQYAgTIwVx/2h/OH6sLMiIT4M6mWEtnNd1PK6mwCPz + DRONE_RPC_SECRET: AgDYNo+V/dZVfgIoRxTpybs0Il77pKTys79l/5BH4vplRbMLe4HA701QDUwLJjcIsO67ZyTa3CeWsTykX9vfPelzl6oP+XSww2NmoP1RAzP6jO8ULZ0oORzwqfIJ8upIFVAkBaZerK8bZCBxQqkL7emwT59Tk83JxU5XWILmp1ximQz13KZiGS1m4AMyziu2fWBNnsEC+cRkdwF3h5O5ERGXikK2UsSm9HSw/GmjdW2K90P8nuicn7StuOwnAm8OJXdz4FcNj2DC4I/zrhAsoLM/BZernxgcNk+7kkQ3p+Xsv3hUQJ7yvGnkmQS/FrOaOfXvuCa2+1G1Ju3O7RMeAvPpYQwQVzYrhG2b7ZmWs0i+3EnPk6cZIBsc3N636Q07lrdGCd61fViU2lHFInVyw/7iHJGZH8Ww8yp+UEpOpvOaBApz4enXmDscmbZON1RITjk3l7Lu2zpKsOJPVhw3w4P7NfvMtYGnynf7QeH//KIm0X8DlYmUgcqOZkPefuz4epPuMhLCH8efqm5S9oTg5ddXNFEhSX0XDrgBirPdx3xKl7gWfp1BT8ij8HlDSCZYOj/pcFOPugXUz+YOfAzhJw51Ly0LQFijYK8Vw0x7hmM6d8G95tbGQKjceSYS48FV2YtKnsr95Cl6WovoSwYoMkUqrfQWkiMGYZmfmGlLy1qnPAZU71PPccpLMTRUmO2bnb6y6PkxFW2+hgAqWC3miSonHJ+IOCR3c5UO3Vuyp1VD9w== + template: + metadata: + creationTimestamp: null + name: drone + namespace: drone +status: {} + diff --git a/drone/service.yaml b/drone/service.yaml new file mode 100644 index 0000000..d0f4e6a --- /dev/null +++ b/drone/service.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: drone + name: drone + namespace: drone +spec: + ports: + - port: 80 + protocol: TCP + targetPort: http + selector: + app: drone + sessionAffinity: None + type: ClusterIP