re-add drone

revert remove drone

kubernetes/apps/production/drone/kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: drone-ci
+resources:
+  - namespace.yaml
+  - ./server/sealed-secrets.yaml
+  - ./server/pvc.yaml
+  - ./server/server-deployment.yaml
+  - ./server/service.yaml
+  - ./server/ingress.yaml
+  - ./runner/runner-deployment.yaml
+  - ./runner/rbac.yaml

kubernetes/apps/production/drone/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: drone-ci
+  labels:
+    pod-security.kubernetes.io/enforce: privileged

kubernetes/apps/production/drone/runner/rbac.yaml

@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: drone-ci
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/log
+    verbs:
+      - get
+      - create
+      - delete
+      - list
+      - watch
+      - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: drone-ci
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: drone-ci
+roleRef:
+  kind: Role
+  name: drone
+  apiGroup: rbac.authorization.k8s.io

kubernetes/apps/production/drone/runner/runner-deployment.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-runner
+  namespace: drone-ci
+  labels:
+    app.kubernetes.io/name: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: drone
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: drone
+    spec:
+      containers:
+        - name: runner
+          image: drone/drone-runner-kube:latest
+          ports:
+            - containerPort: 3000
+          resources:
+            requests:
+              cpu: 50m
+              memory: 75Mi
+            limits:
+              cpu: 100m
+              memory: 200Mi
+          env:
+            - name: DRONE_RPC_HOST
+              value: drone.fascinated.cc
+            - name: DRONE_RPC_PROTO
+              value: https
+            - name: DRONE_NAMESPACE_DEFAULT
+              value: drone-ci
+            - name: DRONE_RPC_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_RPC_SECRET

kubernetes/apps/production/drone/server/ingress.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drone-ci-ingress
+  namespace: drone-ci
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`drone.fascinated.cc`)
+      kind: Rule
+      middlewares:
+        - name: default-headers
+          namespace: traefik
+      services:
+        - name: drone-service
+          port: 80
+  tls:
+    secretName: fascinated-cc

kubernetes/apps/production/drone/server/pvc.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: drone-pvc
+  namespace: drone-ci
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi

kubernetes/apps/production/drone/server/sealed-secrets.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: drone-secret
+  namespace: drone-ci
+spec:
+  encryptedData:
+    DRONE_GITEA_CLIENT_ID: AgBvs/BRqipwanwhehkG+efGyDYwbvkaYkOSsoW6PCqiKx3GX7wFUnSEEljoTLn8qCx7GKGT73KBcK6ItwFisAlJwFHTC7DtgCSJzpHBwHvbCWs+QtKumHCtgnj2XCHGs8yt4o9I9KClGl6mqKFfWAWiDAoBcY6YHCM5l23jh/ipglT1jcRGm+dxouZ5QCCNjHSEN/SD0wVv4bCajRmZ7fwOrJ9lsJFhfhu6hvm0UsFggsrtOGavk0TzwzUoeZPvGM7LOhFk5qAFFdJAMucErcfKlEKcxfPd4V0rwJTNaSQqSL01iEQLSdgwQqsypJxKpKz5D2aByEiYHe4HvpFzm0KnwaOth7MO6gmnp7+mb008MyUL4KSdcj82z76YjD5S9uU3XaeuxlEWrAU1obGWNzFU5E8a9L0iJIoOhH33kwcYhUFjloZ3S2mL0gyl2EpZ3tIXlXpjr8B0WXC/bgWOk5kq+veIaM2+jeTge7iLXhS/8rtxAy7tUk22jEK9ecXT5zqlLrTIpcJz3UMpKTh5N397vIGfRNJ1DoRPCL/UHXWTleNBQTijhGWDb+JcT70makwroXYOLQorZXOVbRLWCC/b+i9Aq8yVNhyBUJy0SR1qhkO4tCgZ5/E5+mXFJvjkH64JYHCyFDI/KPjzefby2HSINjTR1AD5mW+KKOfINMCffFD7Zy90jcd9iViU9JE4coqBRPG4v1lmoGPv++fnJEC5ZNoWKy2FMTkf5rt0cPtuBSsP8CU=
+    DRONE_GITEA_CLIENT_SECRET: AgBBub2TZ2xb6oVxTVHWZkdiVMo9zFNUrYxL0Iw1YeUFgZmJjkk/CP6UCxlCJbnzOj+b//HbYn1w8sS3vzGK82be8GgfkgI4/hTHHll3GSjEbdaTn7xEL/XJrp+JyVvX7bQNPLCkTsaxIrz7dh7kHUvcgRxOoSsFKHj73hjf27lHa+Qa89fDO5Zb1PjUSeT4IlAHlUuQraKx0viAoy8uEX6OyX3lhX5Aa2NQkbLRYCd8T7+IW0lyKvwwOpOdVH/38G8eAVXmADdKuNyIoq9++bYnUMMFMBj6OdMp3xNyGcEkuKlMI9+DaT29tmOgvDiWog/E2Hg0IERh4z5Dr2p4oJyT7b1N1ynRiwfndLp2di9d+nrzG5STf9NRKOK8U+NWTRcXv4JRkKyIDAi0j4eoC9cVyKGe341A4os3kTg9dky0RL+Q7+NWCWUYFAXIkU5cRHgwW7LTkv96cduerVT8YF3sxvu4FlJgHDNKvNuxFAhPOCwoOozPX8JbhhlEPfxWZ0s9B7QgRdNm/GY6RxV0Dl7F+IhzSxA/PrMxYUzuhenW+K9bIJd5dR73NfTlxbTdt/tM7DpVb00DrHx2Y2BOME1H76AXrRr+MZdWz46XHBSh6yeTMf5D3PRU8SPDEqSUrODEnjlEnJCkjYoxLOYAjXa/5dyZnyxIpS4WDMIB0/aXde0CX83fJ9C5KM6P36kKUZL8VOiJ5HA4Fzz/45X0wjEOkccuIHElWzPzOcW5geLc4vZRNiJa5ydLoktnMObqf7Iy3Jxrlg3SGg==
+    DRONE_RPC_SECRET: AgA96+L9/gvS8PkIfwDBnpBcagdL+eE1wyTqvMnG2pIGMhy7li10yvra/B1ptsuBak1Aab7WNZvNR5zUf2b2QVEk9Rz0q7D0ZqVFP0U6JiILPJ6p61K0GC+Lh5MKI4yzFmYrT+hfk6HkKGy5dEtJ+JoY2aT6Mn26pIs3dEnKlIObxxR7rQzlKuV2yrkguHnhV38DCvsMkMYaF8G1IiwfDsHJ1JcwXjHlRtkl02v/Arc1sGZi/2lXZpqXMW3UFb2YGRGP6rgeXcsGeNslIkMJkJaUSZdI3HS0ufHwSbJJaiug370E/ZkHChpaABibAEImoblgrRD2IPbwlNymiZdAqXpwjj++sAgoHvBDUkFk48TkIXb0uxOmVFeevgxJgYyXP9DPqJVPj+CtSRxWle7pAODYpmf1avn4bOB4DXdJVR1IR9si8OYgTZW3Fz4Lxh8naOuaTrnyzJosJBrB3Nks9q96IZQHitnzBJZKEuEjhfp6oAzkgaYPej4q2EAy8DoIb8kltFyaA+f+0s+9ipQeXL5OKhfCzNq6vBFsOqn3g5wHse/86NH3FHZnHEmqlOw/4N18gsj+g09TqJSeDVm/Tbzq+eYyPV6KKNN2F/890VAieUo+AyoCznjjv85AXHjA5gfj3JQj7zczW7CyQolcXxvcxoE9+/7fiy6sDQgFciDo1qswFRnYpVML4Y/UBb3howbVMONAt/fSnytT/DB5EH6FLKBxFOzmM9yuTacu4jo1HQ==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: drone-secret
+      namespace: drone-ci
+    type: Opaque

kubernetes/apps/production/drone/server/server-deployment.yaml

@@ -0,0 +1,62 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-server
+  namespace: drone-ci
+  labels:
+    app: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: drone
+  template:
+    metadata:
+      labels:
+        app: drone
+    spec:
+      containers:
+        - name: drone
+          image: drone/drone:2
+          ports:
+            - containerPort: 80
+            - containerPort: 443
+          resources:
+            requests:
+              cpu: 50m
+              memory: 75Mi
+            limits:
+              cpu: 100m
+              memory: 200Mi
+          env:
+            - name: DRONE_GITEA_SERVER
+              value: "https://git.fascinated.cc"
+            - name: DRONE_GITEA_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_GITEA_CLIENT_ID
+            - name: DRONE_GITEA_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_GITEA_CLIENT_SECRET
+            - name: DRONE_RPC_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_RPC_SECRET
+            - name: DRONE_SERVER_HOST
+              value: "drone.local.fascinated.cc"
+            - name: DRONE_SERVER_PROTO
+              value: "https"
+            - name: DRONE_REGISTRATION_CLOSED
+              value: "true"
+          volumeMounts:
+            - name: drone-data
+              mountPath: /data
+      volumes:
+        - name: drone-data
+          persistentVolumeClaim:
+            claimName: drone-pvc

kubernetes/apps/production/drone/server/service.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: drone-service
+  namespace: drone-ci
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
+    - name: https
+      port: 443
+      targetPort: 443
+      protocol: TCP
+  selector:
+    app: drone