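---
# Drone CI on Kubernetes: namespace, runner RBAC, server storage, shared
# secrets, the Drone server and Kubernetes runner Deployments, and a NodePort
# Service for the server UI/API.
apiVersion: v1
kind: Namespace
metadata:
  name: drone-ci
---
# Identity used by the runner pod to talk to the Kubernetes API.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner-sa
  namespace: drone-ci
---
# Namespace-scoped permissions for the runner.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: drone-runner-role
  namespace: drone-ci
rules:
  # Secrets are limited to create/delete. The original single rule also
  # granted get/list/watch/update on every Secret in drone-ci, which includes
  # drone-secrets (RPC secret and Gitea OAuth credentials).
  # NOTE(review): create/delete is what the upstream Kubernetes-runner install
  # instructions grant - confirm against the runner version in use.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "delete"]
  # Pod lifecycle and log access for pipeline pods.
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "create", "delete", "list", "watch", "update"]
---
# Grants drone-runner-role to drone-runner-sa within drone-ci only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drone-runner-rb
  namespace: drone-ci
subjects:
  - kind: ServiceAccount
    name: drone-runner-sa
    namespace: drone-ci
roleRef:
  kind: Role
  name: drone-runner-role
  apiGroup: rbac.authorization.k8s.io
---
# Backing storage for the server's SQLite database (mounted at /data below).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: drone-server-data-pvc
  namespace: drone-ci
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: nfs-storage
  resources:
    requests:
      storage: 5Gi
---
# NOTE(review): these credentials are committed in plaintext alongside the
# manifest. Treat them as exposed: rotate the RPC secret and the Gitea OAuth
# client secret, then supply them out of band (Sealed Secrets, External
# Secrets, or `kubectl create secret`) so version control holds only the
# reference. Values are left unchanged here so the manifest still applies.
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: drone-ci
type: Opaque
stringData:
  DRONE_RPC_SECRET: "b505b2906ae213070b10d9698cc35e84"
  DRONE_GITEA_CLIENT_ID: "a9b4a947-0b4c-4782-a5f8-3ed79a4b295d"
  DRONE_GITEA_CLIENT_SECRET: "gto_ukxcserdy7vei36git4tbuz2tdyez4rb2eo5woownmtyct3lz3aq"
---
# Drone server: single replica, SQLite on the PVC, Gitea as the SCM provider.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-server
  namespace: drone-ci
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-server
  template:
    metadata:
      labels:
        app: drone-server
    spec:
      # Static /etc/hosts entry so the pod resolves the Gitea hostname to this
      # address regardless of cluster DNS.
      hostAliases:
        - ip: "169.255.58.144"
          hostnames: ["gitea.khongisa.co.za"]
      containers:
        - name: drone-server
          # NOTE(review): "2" is a floating major-version tag; pin a specific
          # release or digest for reproducible, reviewable rollouts.
          # NOTE(review): no securityContext is set, so the container runs with
          # the image's default user and capabilities.
          image: drone/drone:2
          ports:
            - containerPort: 80
              name: http
          resources:
            requests:
              cpu: "100m"
              memory: "256Mi"
            limits:
              cpu: "500m"
              memory: "512Mi"
          env:
            - name: DRONE_GITEA_SERVER
              value: "https://gitea.khongisa.co.za"
            - name: DRONE_SERVER_HOST
              value: "drone.khongisa.co.za"
            - name: DRONE_SERVER_PROTO
              value: "https"
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_RPC_SECRET
            - name: DRONE_GITEA_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_GITEA_CLIENT_ID
            - name: DRONE_GITEA_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_GITEA_CLIENT_SECRET
            - name: DRONE_DATABASE_DRIVER
              value: "sqlite3"
            - name: DRONE_DATABASE_DATASOURCE
              value: "/data/database.sqlite"
            # Note: DRONE_SERVER_PORT removed to prevent initialization fatal error
          volumeMounts:
            - name: data
              mountPath: /data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: drone-server-data-pvc
---
# Drone Kubernetes runner: polls the server over RPC and creates pipeline pods
# using drone-runner-sa.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: drone-ci
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-runner
  template:
    metadata:
      labels:
        app: drone-runner
    spec:
      serviceAccountName: drone-runner-sa
      hostAliases:
        - ip: "169.255.58.144"
          hostnames: ["gitea.khongisa.co.za"]
      containers:
        - name: drone-runner
          # NOTE(review): ":latest" means the image that holds the RPC secret
          # and pod-creation rights can change on any restart. Pin to a
          # reviewed release tag or digest (<pinned-tag-or-digest>).
          image: drone/drone-runner-kube:latest
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "300m"
              memory: "256Mi"
          env:
            # NOTE(review): runner-to-server RPC is plain HTTP inside the
            # cluster; the shared secret authenticates it but the traffic is
            # not encrypted. Acceptable only if the pod network is trusted.
            - name: DRONE_RPC_PROTO
              value: "http"
            - name: DRONE_RPC_HOST
              value: "drone-server.drone-ci.svc.cluster.local"
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_RPC_SECRET
            # NOTE(review): pipeline pods default to drone-ci, the namespace
            # that also holds the server and drone-secrets. Consider a
            # dedicated namespace for build pods - confirm with pipeline
            # owners before changing.
            - name: DRONE_NAMESPACE_DEFAULT
              value: "drone-ci"
---
# NOTE(review): NodePort publishes the server's plain-HTTP port on 31001 of
# every node. DRONE_SERVER_PROTO is "https", so TLS is presumably terminated
# by a proxy in front of this - confirm, and restrict direct access to the
# node port (firewall or NetworkPolicy) so the proxy is the only path in.
apiVersion: v1
kind: Service
metadata:
  name: drone-server
  namespace: drone-ci
spec:
  type: NodePort
  selector:
    app: drone-server
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 31001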