diff --git a/kubernetes/apps/production/drone/kustomization.yaml b/kubernetes/apps/production/drone/kustomization.yaml
index cc4f6e3..84c7f5e 100644
--- a/kubernetes/apps/production/drone/kustomization.yaml
+++ b/kubernetes/apps/production/drone/kustomization.yaml
@@ -4,8 +4,10 @@ kind: Kustomization
 namespace: drone-ci
 resources:
 - namespace.yaml
- - sealed-secrets.yaml
- - pvc.yaml
- - deployment.yaml
- - service.yaml
- - ingress.yaml
+ - ./server/sealed-secrets.yaml
+ - ./server/pvc.yaml
+ - ./server/deployment.yaml
+ - ./server/service.yaml
+ - ./server/ingress.yaml
+ - ./runner/deployment.yaml
+ - ./runner/rbac.yaml
diff --git a/kubernetes/apps/production/drone/runner/deployment.yaml b/kubernetes/apps/production/drone/runner/deployment.yaml
new file mode 100644
index 0000000..444406d
--- /dev/null
+++ b/kubernetes/apps/production/drone/runner/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drone
+ namespace: drone-ci
+ labels:
+ app.kubernetes.io/name: drone
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: drone
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: drone
+ spec:
+ containers:
+ - name: runner
+ image: drone/drone-runner-kube:latest
+ ports:
+ - containerPort: 3000
+ resources:
+ requests:
+ cpu: 50m
+ memory: 75Mi
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ env:
+ - name: DRONE_RPC_HOST
+ value: drone.local.fascinated.cc
+ - name: DRONE_RPC_PROTO
+ value: http
+ - name: DRONE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: drone-secret
+ key: DRONE_RPC_SECRET
diff --git a/kubernetes/apps/production/drone/runner/rbac.yaml b/kubernetes/apps/production/drone/runner/rbac.yaml
new file mode 100644
index 0000000..3a596a2
--- /dev/null
+++ b/kubernetes/apps/production/drone/runner/rbac.yaml
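Review bot: In runner/deployment.yaml the container image is `drone/drone-runner-kube:latest`, a mutable tag, so the code that holds `DRONE_RPC_SECRET` and the pod/secret permissions from runner/rbac.yaml can change on any reschedule without a commit in this repository. Pin it to a released version and preferably a digest, e.g. `image: drone/drone-runner-kube:<version>@sha256:<digest>` (placeholders, not real values). The same pod spec sets `DRONE_RPC_PROTO` to `http`, so traffic authenticated with the RPC secret travels unencrypted to `drone.local.fascinated.cc`; if that host is reached through the ingress rather than an in-cluster Service, `value: https` is the safer setting. The Deployment is also named `drone` with label `app.kubernetes.io/name: drone`; if the server Deployment or Service (moved unchanged, not shown here) uses the same name or selector, the two will collide or the Service will select runner pods, so a distinct name and label such as `drone-runner` would avoid that.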
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: drone-ci
+ name: drone
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - watch
+ - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: drone
+ namespace: drone-ci
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: drone-ci
+roleRef:
+ kind: Role
+ name: drone
+ apiGroup: rbac.authorization.k8s.io
diff --git a/kubernetes/apps/production/drone/deployment.yaml b/kubernetes/apps/production/drone/server/deployment.yaml
similarity index 100%
rename from kubernetes/apps/production/drone/deployment.yaml
rename to kubernetes/apps/production/drone/server/deployment.yaml
diff --git a/kubernetes/apps/production/drone/ingress.yaml b/kubernetes/apps/production/drone/server/ingress.yaml
similarity index 100%
rename from kubernetes/apps/production/drone/ingress.yaml
rename to kubernetes/apps/production/drone/server/ingress.yaml
diff --git a/kubernetes/apps/production/drone/pvc.yaml b/kubernetes/apps/production/drone/server/pvc.yaml
similarity index 100%
rename from kubernetes/apps/production/drone/pvc.yaml
rename to kubernetes/apps/production/drone/server/pvc.yaml
diff --git a/kubernetes/apps/production/drone/sealed-secrets.yaml b/kubernetes/apps/production/drone/server/sealed-secrets.yaml
similarity index 100%
rename from kubernetes/apps/production/drone/sealed-secrets.yaml
rename to kubernetes/apps/production/drone/server/sealed-secrets.yaml
diff --git a/kubernetes/apps/production/drone/service.yaml b/kubernetes/apps/production/drone/server/service.yaml
similarity index 100%
rename from kubernetes/apps/production/drone/service.yaml
rename to kubernetes/apps/production/drone/server/service.yaml
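Review bot: The RoleBinding in runner/rbac.yaml grants the `drone` Role to the namespace's `default` ServiceAccount, so every pod in `drone-ci` that does not set its own `serviceAccountName` receives create/delete on secrets and create/update/delete on pods, not only the runner. That presumably includes the Drone server pod and, if pipelines are scheduled in this namespace, the build pods that execute repository-supplied steps. Bind the Role to a dedicated ServiceAccount instead and set `serviceAccountName` on the runner Deployment to match; the name `drone-runner` below is only a suggestion. Pods that do not need the API can additionally set `automountServiceAccountToken: false`.

```yaml
# … unchanged: Role "drone" …
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner
  namespace: drone-ci
---
# … unchanged: RoleBinding kind, apiVersion, metadata, roleRef …
subjects:
  - kind: ServiceAccount
    name: drone-runner
    namespace: drone-ci
```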