feat(apps): drone-ci

2024-09-23 22:05:44 +01:00 · 2024-09-23 22:05:44 +01:00 · 0cc06ea7fd
commit 0cc06ea7fd
parent 8a0e065039
8 changed files with 136 additions and 1 deletions
--- a/kubernetes/apps/production/drone/deployment.yaml
+++ b/kubernetes/apps/production/drone/deployment.yaml
@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-deployment
+  namespace: drone-ci
+  labels:
+    app: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: drone
+  template:
+    metadata:
+      labels:
+        app: drone
+    spec:
+      containers:
+        - name: drone
+          image: drone/drone:2
+          ports:
+            - containerPort: 80
+            - containerPort: 443
+          env:
+            - name: DRONE_GITEA_SERVER
+              value: "https://try.gitea.io"
+            - name: DRONE_GITEA_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_GITEA_CLIENT_ID
+            - name: DRONE_GITEA_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_GITEA_CLIENT_SECRET
+            - name: DRONE_RPC_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_RPC_SECRET
+            - name: DRONE_SERVER_HOST
+              value: "drone.local.fascinated.cc"
+            - name: DRONE_SERVER_PROTO
+              value: "https"
+          volumeMounts:
+            - name: drone-data
+              mountPath: /data
+      volumes:
+        - name: drone-data
+          persistentVolumeClaim:
+            claimName: drone-pvc
--- a/kubernetes/apps/production/drone/ingress.yaml
+++ b/kubernetes/apps/production/drone/ingress.yaml
@ -0,0 +1,22 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drone-ci-ingress
+  namespace: drone-ci
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`drone.local.fascinated.cc`)
+      kind: Rule
+      middlewares:
+        - name: default-headers
+          namespace: traefik
+      services:
+        - name: drone-service
+          port: 80
+  tls:
+    secretName: local-fascinated-cc
--- a/kubernetes/apps/production/drone/kustomization.yaml
+++ b/kubernetes/apps/production/drone/kustomization.yaml
@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: drone-ci
+resources:
+  - namespace.yaml
+  - sealed-secrets.yaml
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
--- a/kubernetes/apps/production/drone/namespace.yaml
+++ b/kubernetes/apps/production/drone/namespace.yaml
@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: drone-ci
--- a/kubernetes/apps/production/drone/pvc.yaml
+++ b/kubernetes/apps/production/drone/pvc.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: drone-pvc
+  namespace: drone-ci
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
--- a/kubernetes/apps/production/drone/sealed-secrets.yaml
+++ b/kubernetes/apps/production/drone/sealed-secrets.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: drone-secret
+  namespace: drone-ci
+spec:
+  encryptedData:
+    foo: AgBGX0uwg9RxgFG1vOFH8JlvhvU3cJWLqUpH+c2RsYGF58LpUEEwXxTkKae8B8yGTgqCgb+Uhp+NAXVTIxAVk3HBRAycgYGjlRY/ZZRd95Di6ZLp+OlN1kIbzI/XX58Gn5k7xETzlC+WKv5yWCXBL1GB7iqR+jRvaEUuV6c4AXwMRk+vw5ULUHJY6n1SAP2W8RWMHL5tQc7NYis22kBYsWSjDC/QD8TvyxHgqiSndtbLTx5wWDmF4xdu8NBQ2jhWDoAp3j7YOwsKXYNUTVDTHIbRnPXuGhJwiiXs2AnJMgEZRjTd7rnbdIiColk8gA25xl1OL1qWTNHaCBp4/eKVD10RFISbjOrEB6hmjKm1jCvwStFUVsTyMhHHaXFS4KdWbpKfc7SF5T+hdNt+tNqdCtZsl+BMrsL3B0w9tg6CoYtcELEGRmQungcBaK16C/ZGeGHElddte3UO9fsjF9QEW2zlJWi/Vy5dq8LFq1a0vS709RBHjNpVcEsfdhep/F3msqMph7t89z6FMUBRlu5btTa4PyeoN0QnvoRoWa5tjQHhC/80/zLYC/bZQ//vLBxjREhaDiG5LsE73YhCVqCni7qapVEW4Scx2i8lfVZgZiaWmux/bxx4s5jPNPErBdx/o3y12pmUxWnos5zFe9aIRsuUTn9l9SAW28iDikAOu+89BrYEaLHFdTEUX2C3jiI5hp3a3w73WB1sLtjDLs8OeiarzGaQKSYcJLzmMyLRZweUosuo13WpN3svF04f5xYlLbrpGudrwjumqHJGSxx0lnsKiCyx5hBsex+aj9H4ZQYnwaup6EBHlwN2WCwPseaqAkzjn3dm6coJ5pZY/+iCDVahv2bpxId9TNWlR1uCPkY7MAGhPFV6CnP3jixIqB7tCtqPTP7YQc3qgcAQz1LI6KTGIM3lPC//1mHqoaxsuIoOQ6XZo64lcrNaeP0dtUokekdTR7slTE6uDGw+7vGjTvMQVnxhW5AaHTz/jga7O1uD0XEpTxIjjnpFqOk+yrvMzP6XGiboTI2Ehwkv+uRLQ72R8Dtgk9vzy7pAzKRMch3FMOhgAl/Hl0Y=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: drone-secret
+      namespace: drone-ci
--- a/kubernetes/apps/production/drone/service.yaml
+++ b/kubernetes/apps/production/drone/service.yaml
@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: drone-service
+  namespace: drone-ci
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 80
+      protocol: TCP
+    - port: 443
+      targetPort: 443
+      protocol: TCP
+  selector:
+    app: drone
--- a/kubernetes/apps/production/flyimg/ingress.yaml
+++ b/kubernetes/apps/production/flyimg/ingress.yaml
@ -1,7 +1,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: capacitor-external-ingress
+  name: capacitor-ingress
  namespace: public-services
  annotations:
    kubernetes.io/ingress.class: traefik-external