From 0cc06ea7fdba39b781ad97b25ad54a24ce83e161 Mon Sep 17 00:00:00 2001
From: Liam <liam@fascinated.cc>
Date: Mon, 23 Sep 2024 22:05:44 +0100
Subject: [PATCH] feat(apps): drone-ci

---
 .../apps/production/drone/deployment.yaml     | 53 +++++++++++++++++++
 kubernetes/apps/production/drone/ingress.yaml | 22 ++++++++
 .../apps/production/drone/kustomization.yaml  | 11 ++++
 .../apps/production/drone/namespace.yaml      |  5 ++
 kubernetes/apps/production/drone/pvc.yaml     | 12 +++++
 .../apps/production/drone/sealed-secrets.yaml | 15 ++++++
 kubernetes/apps/production/drone/service.yaml | 17 ++++++
 .../apps/production/flyimg/ingress.yaml       |  2 +-
 8 files changed, 136 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/apps/production/drone/deployment.yaml
 create mode 100644 kubernetes/apps/production/drone/ingress.yaml
 create mode 100644 kubernetes/apps/production/drone/kustomization.yaml
 create mode 100644 kubernetes/apps/production/drone/namespace.yaml
 create mode 100644 kubernetes/apps/production/drone/pvc.yaml
 create mode 100644 kubernetes/apps/production/drone/sealed-secrets.yaml
 create mode 100644 kubernetes/apps/production/drone/service.yaml

diff --git a/kubernetes/apps/production/drone/deployment.yaml b/kubernetes/apps/production/drone/deployment.yaml
new file mode 100644
index 0000000..111395b
--- /dev/null
+++ b/kubernetes/apps/production/drone/deployment.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-deployment
+  namespace: drone-ci
+  labels:
+    app: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: drone
+  template:
+    metadata:
+      labels:
+        app: drone
+    spec:
+      containers:
+        - name: drone
+          image: drone/drone:2
+          ports:
+            - containerPort: 80
+            - containerPort: 443
+          env:
+            - name: DRONE_GITEA_SERVER
+              value: "https://try.gitea.io"
+            - name: DRONE_GITEA_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_GITEA_CLIENT_ID
+            - name: DRONE_GITEA_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_GITEA_CLIENT_SECRET
+            - name: DRONE_RPC_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_RPC_SECRET
+            - name: DRONE_SERVER_HOST
+              value: "drone.local.fascinated.cc"
+            - name: DRONE_SERVER_PROTO
+              value: "https"
+          volumeMounts:
+            - name: drone-data
+              mountPath: /data
+      volumes:
+        - name: drone-data
+          persistentVolumeClaim:
+            claimName: drone-pvc
diff --git a/kubernetes/apps/production/drone/ingress.yaml b/kubernetes/apps/production/drone/ingress.yaml
new file mode 100644
index 0000000..31a90a0
--- /dev/null
+++ b/kubernetes/apps/production/drone/ingress.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drone-ci-ingress
+  namespace: drone-ci
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`drone.local.fascinated.cc`)
+      kind: Rule
+      middlewares:
+        - name: default-headers
+          namespace: traefik
+      services:
+        - name: drone-service
+          port: 80
+  tls:
+    secretName: local-fascinated-cc
diff --git a/kubernetes/apps/production/drone/kustomization.yaml b/kubernetes/apps/production/drone/kustomization.yaml
new file mode 100644
index 0000000..cc4f6e3
--- /dev/null
+++ b/kubernetes/apps/production/drone/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: drone-ci
+resources:
+  - namespace.yaml
+  - sealed-secrets.yaml
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
diff --git a/kubernetes/apps/production/drone/namespace.yaml b/kubernetes/apps/production/drone/namespace.yaml
new file mode 100644
index 0000000..59e6456
--- /dev/null
+++ b/kubernetes/apps/production/drone/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: drone-ci
diff --git a/kubernetes/apps/production/drone/pvc.yaml b/kubernetes/apps/production/drone/pvc.yaml
new file mode 100644
index 0000000..1dcd328
--- /dev/null
+++ b/kubernetes/apps/production/drone/pvc.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: drone-pvc
+  namespace: drone-ci
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
diff --git a/kubernetes/apps/production/drone/sealed-secrets.yaml b/kubernetes/apps/production/drone/sealed-secrets.yaml
new file mode 100644
index 0000000..803c7db
--- /dev/null
+++ b/kubernetes/apps/production/drone/sealed-secrets.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: drone-secret
+  namespace: drone-ci
+spec:
+  encryptedData:
+    foo: AgBGX0uwg9RxgFG1vOFH8JlvhvU3cJWLqUpH+c2RsYGF58LpUEEwXxTkKae8B8yGTgqCgb+Uhp+NAXVTIxAVk3HBRAycgYGjlRY/ZZRd95Di6ZLp+OlN1kIbzI/XX58Gn5k7xETzlC+WKv5yWCXBL1GB7iqR+jRvaEUuV6c4AXwMRk+vw5ULUHJY6n1SAP2W8RWMHL5tQc7NYis22kBYsWSjDC/QD8TvyxHgqiSndtbLTx5wWDmF4xdu8NBQ2jhWDoAp3j7YOwsKXYNUTVDTHIbRnPXuGhJwiiXs2AnJMgEZRjTd7rnbdIiColk8gA25xl1OL1qWTNHaCBp4/eKVD10RFISbjOrEB6hmjKm1jCvwStFUVsTyMhHHaXFS4KdWbpKfc7SF5T+hdNt+tNqdCtZsl+BMrsL3B0w9tg6CoYtcELEGRmQungcBaK16C/ZGeGHElddte3UO9fsjF9QEW2zlJWi/Vy5dq8LFq1a0vS709RBHjNpVcEsfdhep/F3msqMph7t89z6FMUBRlu5btTa4PyeoN0QnvoRoWa5tjQHhC/80/zLYC/bZQ//vLBxjREhaDiG5LsE73YhCVqCni7qapVEW4Scx2i8lfVZgZiaWmux/bxx4s5jPNPErBdx/o3y12pmUxWnos5zFe9aIRsuUTn9l9SAW28iDikAOu+89BrYEaLHFdTEUX2C3jiI5hp3a3w73WB1sLtjDLs8OeiarzGaQKSYcJLzmMyLRZweUosuo13WpN3svF04f5xYlLbrpGudrwjumqHJGSxx0lnsKiCyx5hBsex+aj9H4ZQYnwaup6EBHlwN2WCwPseaqAkzjn3dm6coJ5pZY/+iCDVahv2bpxId9TNWlR1uCPkY7MAGhPFV6CnP3jixIqB7tCtqPTP7YQc3qgcAQz1LI6KTGIM3lPC//1mHqoaxsuIoOQ6XZo64lcrNaeP0dtUokekdTR7slTE6uDGw+7vGjTvMQVnxhW5AaHTz/jga7O1uD0XEpTxIjjnpFqOk+yrvMzP6XGiboTI2Ehwkv+uRLQ72R8Dtgk9vzy7pAzKRMch3FMOhgAl/Hl0Y=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: drone-secret
+      namespace: drone-ci
diff --git a/kubernetes/apps/production/drone/service.yaml b/kubernetes/apps/production/drone/service.yaml
new file mode 100644
index 0000000..317e3f4
--- /dev/null
+++ b/kubernetes/apps/production/drone/service.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: drone-service
+  namespace: drone-ci
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 80
+      protocol: TCP
+    - port: 443
+      targetPort: 443
+      protocol: TCP
+  selector:
+    app: drone
diff --git a/kubernetes/apps/production/flyimg/ingress.yaml b/kubernetes/apps/production/flyimg/ingress.yaml
index 01806c0..e0212bd 100644
--- a/kubernetes/apps/production/flyimg/ingress.yaml
+++ b/kubernetes/apps/production/flyimg/ingress.yaml
@@ -1,7 +1,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: capacitor-external-ingress
+  name: capacitor-ingress
   namespace: public-services
   annotations:
     kubernetes.io/ingress.class: traefik-external