re-add drone
Some checks failed
Check Kubernetes YAMLs / scan (push) Failing after 24s

revert remove drone
Lee 2024-09-23 23:59:54 +00:00
parent e6d3433ed1
commit 412a0cdc64
9 changed files with 234 additions and 0 deletions


@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: drone-ci
resources:
- namespace.yaml
- ./server/sealed-secrets.yaml
- ./server/pvc.yaml
- ./server/server-deployment.yaml
- ./server/service.yaml
- ./server/ingress.yaml
- ./runner/runner-deployment.yaml
- ./runner/rbac.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: drone-ci
labels:
pod-security.kubernetes.io/enforce: privileged
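Review bot: The label `pod-security.kubernetes.io/enforce: privileged` explicitly opts the whole `drone-ci` namespace out of Pod Security admission. The runner in this commit sets `DRONE_NAMESPACE_DEFAULT` to `drone-ci`, so pipeline pods built from repository content would presumably be admitted here with no restriction on privileged containers, host namespaces or hostPath mounts. Unless a pipeline is known to need that, start from `pod-security.kubernetes.io/enforce: baseline` and add `pod-security.kubernetes.io/warn: restricted` to see what a tighter level would reject. If privileged really is required, a comment above the label naming the workload that needs it would stop the setting from being copied blindly.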


@ -0,0 +1,40 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone
namespace: drone-ci
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone
namespace: drone-ci
subjects:
- kind: ServiceAccount
name: default
namespace: drone-ci
roleRef:
kind: Role
name: drone
apiGroup: rbac.authorization.k8s.io
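Review bot: The RoleBinding's subject is the namespace's `default` ServiceAccount, so every pod in `drone-ci` that does not name its own account receives the create/delete rights on secrets and the full pod verbs. That includes drone-server, and presumably the pipeline pods the runner launches, unless they are given a different account. Neither Deployment in this commit sets `serviceAccountName`. Bind the Role to a dedicated account (the name `drone-runner` below is a suggestion) and add `serviceAccountName: drone-runner` to the runner pod spec, so only the runner holds these permissions. The first document in this file also lacks the leading `---` that the other manifests have.

```yaml
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: drone-runner
  namespace: drone-ci
---
# … unchanged: Role "drone" and RoleBinding metadata/roleRef …
subjects:
  - kind: ServiceAccount
    name: drone-runner
    namespace: drone-ci
```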


@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
namespace: drone-ci
labels:
app.kubernetes.io/name: drone
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: drone
template:
metadata:
labels:
app.kubernetes.io/name: drone
spec:
containers:
- name: runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
resources:
requests:
cpu: 50m
memory: 75Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: DRONE_RPC_HOST
value: drone.fascinated.cc
- name: DRONE_RPC_PROTO
value: https
- name: DRONE_NAMESPACE_DEFAULT
value: drone-ci
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: DRONE_RPC_SECRET
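Review bot: `image: drone/drone-runner-kube:latest` is a mutable tag, so the component that holds `DRONE_RPC_SECRET` and creates pods can change on any reschedule without a commit in this repository. Pin it to a released version and preferably a digest, e.g. `image: drone/drone-runner-kube:<version>@sha256:<digest>` (placeholders; take the values from the registry). The same applies in weaker form to `drone/drone:2` in the server Deployment, which floats within the major version. The container also declares no `securityContext`; adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` is worth trying if the image supports running unprivileged.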


@ -0,0 +1,22 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: drone-ci-ingress
namespace: drone-ci
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`drone.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: drone-service
port: 80
tls:
secretName: fascinated-cc


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: drone-pvc
namespace: drone-ci
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi


@ -0,0 +1,18 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: drone-secret
namespace: drone-ci
spec:
encryptedData:
DRONE_GITEA_CLIENT_ID: AgBvs/BRqipwanwhehkG+efGyDYwbvkaYkOSsoW6PCqiKx3GX7wFUnSEEljoTLn8qCx7GKGT73KBcK6ItwFisAlJwFHTC7DtgCSJzpHBwHvbCWs+QtKumHCtgnj2XCHGs8yt4o9I9KClGl6mqKFfWAWiDAoBcY6YHCM5l23jh/ipglT1jcRGm+dxouZ5QCCNjHSEN/SD0wVv4bCajRmZ7fwOrJ9lsJFhfhu6hvm0UsFggsrtOGavk0TzwzUoeZPvGM7LOhFk5qAFFdJAMucErcfKlEKcxfPd4V0rwJTNaSQqSL01iEQLSdgwQqsypJxKpKz5D2aByEiYHe4HvpFzm0KnwaOth7MO6gmnp7+mb008MyUL4KSdcj82z76YjD5S9uU3XaeuxlEWrAU1obGWNzFU5E8a9L0iJIoOhH33kwcYhUFjloZ3S2mL0gyl2EpZ3tIXlXpjr8B0WXC/bgWOk5kq+veIaM2+jeTge7iLXhS/8rtxAy7tUk22jEK9ecXT5zqlLrTIpcJz3UMpKTh5N397vIGfRNJ1DoRPCL/UHXWTleNBQTijhGWDb+JcT70makwroXYOLQorZXOVbRLWCC/b+i9Aq8yVNhyBUJy0SR1qhkO4tCgZ5/E5+mXFJvjkH64JYHCyFDI/KPjzefby2HSINjTR1AD5mW+KKOfINMCffFD7Zy90jcd9iViU9JE4coqBRPG4v1lmoGPv++fnJEC5ZNoWKy2FMTkf5rt0cPtuBSsP8CU=
DRONE_GITEA_CLIENT_SECRET: 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
DRONE_RPC_SECRET: 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
template:
metadata:
creationTimestamp: null
name: drone-secret
namespace: drone-ci
type: Opaque


@ -0,0 +1,62 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
namespace: drone-ci
labels:
app: drone
spec:
replicas: 1
selector:
matchLabels:
app: drone
template:
metadata:
labels:
app: drone
spec:
containers:
- name: drone
image: drone/drone:2
ports:
- containerPort: 80
- containerPort: 443
resources:
requests:
cpu: 50m
memory: 75Mi
limits:
cpu: 100m
memory: 200Mi
env:
- name: DRONE_GITEA_SERVER
value: "https://git.fascinated.cc"
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: drone-secret
key: DRONE_GITEA_CLIENT_ID
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: DRONE_GITEA_CLIENT_SECRET
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secret
key: DRONE_RPC_SECRET
- name: DRONE_SERVER_HOST
value: "drone.local.fascinated.cc"
- name: DRONE_SERVER_PROTO
value: "https"
- name: DRONE_REGISTRATION_CLOSED
value: "true"
volumeMounts:
- name: drone-data
mountPath: /data
volumes:
- name: drone-data
persistentVolumeClaim:
claimName: drone-pvc
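Review bot: The server pod spec sets neither `serviceAccountName` nor `automountServiceAccountToken`, so it mounts the token of the `default` account, which rbac.yaml in this commit binds to the `drone` Role. The server does not appear to need the Kubernetes API, so add `automountServiceAccountToken: false` under `template.spec`. Separately, `DRONE_SERVER_HOST` is `drone.local.fascinated.cc`, while the IngressRoute and the runner's `DRONE_RPC_HOST` both use `drone.fascinated.cc`. Unless another route for the `.local.` name exists outside this commit, the OAuth callback and webhook URLs built from that value would point at a host nothing here serves. `containerPort: 443` is declared although `DRONE_SERVER_PROTO: "https"` is terminated at Traefik and the route targets port 80; drop the port if the container does not listen on it.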


@ -0,0 +1,19 @@
---
apiVersion: v1
kind: Service
metadata:
name: drone-service
namespace: drone-ci
spec:
type: ClusterIP
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
- name: https
port: 443
targetPort: 443
protocol: TCP
selector:
app: drone