feat(apps): add drone runner and change the structure of the drone app

kubernetes/apps/production/drone/kustomization.yaml

@@ -4,8 +4,10 @@ kind: Kustomization
 namespace: drone-ci
 resources:
   - namespace.yaml
-  - sealed-secrets.yaml
+  - ./server/sealed-secrets.yaml
-  - pvc.yaml
+  - ./server/pvc.yaml
-  - deployment.yaml
+  - ./server/deployment.yaml
-  - service.yaml
+  - ./server/service.yaml
-  - ingress.yaml
+  - ./server/ingress.yaml
+  - ./runner/deployment.yaml
+  - ./runner/rbac.yaml

kubernetes/apps/production/drone/runner/deployment.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone
+  namespace: drone-ci
+  labels:
+    app.kubernetes.io/name: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: drone
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: drone
+    spec:
+      containers:
+        - name: runner
+          image: drone/drone-runner-kube:latest
+          ports:
+            - containerPort: 3000
+          resources:
+            requests:
+              cpu: 50m
+              memory: 75Mi
+            limits:
+              cpu: 100m
+              memory: 200Mi
+          env:
+            - name: DRONE_RPC_HOST
+              value: drone.local.fascinated.cc
+            - name: DRONE_RPC_PROTO
+              value: http
+            - name: DRONE_RPC_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: drone-secret
+                  key: DRONE_RPC_SECRET

kubernetes/apps/production/drone/runner/rbac.yaml

@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: drone-ci
+  name: drone
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/log
+    verbs:
+      - get
+      - create
+      - delete
+      - list
+      - watch
+      - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: drone-ci
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: drone-ci
+roleRef:
+  kind: Role
+  name: drone
+  apiGroup: rbac.authorization.k8s.io