drone stuff

marcel-dempers · marcel-dempers · commit 7a756c20a962 · 2020-05-13T18:51:10.000+10:00
diff --git a/drone-ci/runner/dronerunner-rbac.yaml b/drone-ci/runner/dronerunner-rbac.yaml
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: drone
+  name: drone-runner
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - create
+  - delete
+  - list
+  - watch
+  - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone-runner
+  namespace: drone
+subjects:
+- kind: ServiceAccount
+  name: drone-runner
+  namespace: drone
+roleRef:
+  kind: Role
+  name: drone-runner
+  apiGroup: rbac.authorization.k8s.io
diff --git a/drone-ci/runner/dronerunner.yaml b/drone-ci/runner/dronerunner.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-runner
+  labels:
+    app.kubernetes.io/name: drone-runner
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: drone
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: drone
+    spec:
+      serviceAccountName: drone-runner
+      containers:
+      - name: runner
+        image: drone/drone-runner-kube:latest
+        ports:
+        - containerPort: 3000
+        env:
+        - name: DRONE_NAMESPACE_DEFAULT
+          value: drone
+        - name: DRONE_SERVICE_ACCOUNT_DEFAULT
+          value: drone-runner
+        - name: DRONE_RPC_HOST
+          value: droneserver.drone
+        - name: DRONE_RPC_PROTO
+          value: http
+        - name: DRONE_RPC_SECRET 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: drone-runner
+  labels:
+    app.kubernetes.io/name: drone-runner
diff --git a/drone-ci/server/droneserver-ingress.yaml b/drone-ci/server/droneserver-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: drone-server
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  rules:
+  - host: drone.marceldempers.dev
+    http:
+      paths:
+      - backend:
+          serviceName: droneserver
+          servicePort: 80
+        path: /
diff --git a/drone-ci/server/droneserver-secret.yaml b/drone-ci/server/droneserver-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: drone-server-secret
+type: Opaque
+data:
+  DRONE_GITHUB_CLIENT_ID: xxxxxxx
+  DRONE_GITHUB_CLIENT_SECRET: xxxxxxx
+  DRONE_RPC_SECRET: xxxxxxx
+  DRONE_DATABASE_DATASOURCE: xxxxxxx
+  DRONE_USER_CREATE: xxxxxxx
+  DRONE_SERVER_HOST: xxxxxxx
diff --git a/drone-ci/server/droneserver.yaml b/drone-ci/server/droneserver.yaml
@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-server
+  labels:
+    app: drone-server
+  annotations:
+spec:
+  selector:
+    matchLabels:
+      app: drone-server
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: drone-server
+    spec:
+      containers:
+      - name: drone-server
+        image: drone/drone:1.6.5
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+        - containerPort: 443
+        env:
+        - name: DRONE_USER_CREATE 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_USER_CREATE
+        - name: DRONE_DATABASE_DRIVER
+          value: postgres
+        - name: DRONE_DATABASE_DATASOURCE 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_DATABASE_DATASOURCE
+        - name: DRONE_SERVER_PROTO
+          value: https
+        - name: DRONE_SERVER_HOST 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_SERVER_HOST
+        - name: DRONE_GITHUB_CLIENT_ID 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_GITHUB_CLIENT_ID
+        - name: DRONE_GITHUB_CLIENT_SECRET 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_GITHUB_CLIENT_SECRET
+        - name: DRONE_RPC_SECRET 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: droneserver
+  labels:
+    app: drone-server
+spec:
+  type: ClusterIP
+  selector:
+    app: drone-server
+  ports:
+    - protocol: TCP
+      name: http
+      port: 80
+      targetPort: 80
+    - protocol: TCP
+      name: https
+      port: 443
+      targetPort: 443
