322 lines
7.8 KiB
YAML
322 lines
7.8 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: droneci
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: droneci-sa
|
|
namespace: droneci
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: droneci-config
|
|
namespace: droneci
|
|
data:
|
|
server.domain: "droneci.apps.mngoma.lab"
|
|
server.proto: "https"
|
|
server.runnername: "drone_runner"
|
|
server.runnernetworks: "default"
|
|
server.runnercapacity: "2"
|
|
database.type: "postgres"
|
|
database.host: "192.168.1.137:5432"
|
|
database.name: "dronecim"
|
|
gitea.server: "https://gitea.apps.mngoma.lab"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: droneci-secret
|
|
namespace: droneci
|
|
type: Opaque
|
|
data:
|
|
server.rpctoken: MDFLNlFHTkE4VEMxQjJGVzNGV0JSWDJFNE4=
|
|
database.username: YXBwX3VzZXI=
|
|
database.password: MTIzNDU=
|
|
database.connectstring: cG9zdGdyZXM6Ly9hcHBfdXNlcjoxMjM0NUAxOTIuMTY4LjEuMTM3OjU0MzIvZHJvbmVjaW0/c3NsbW9kZT1kaXNhYmxl
|
|
gitea.clientid: MGRiNTliZDAtMGI3Ni00ODgxLThhODQtNjI0N2ZlYTExOTcz
|
|
gitea.clientsecret: Z3RvX3l6bXB6NmJvZG52cmRnMnM1MmVmNWF1c3ozZTYzNGdyeTc0MjJqZ2hwd3ZnbGc2M2JtcnE=
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: droneci-role
|
|
namespace: droneci
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: droneci-rolebinding
|
|
namespace: droneci
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: droneci-sa
|
|
namespace: droneci
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: droneci-role
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: drone-runner-role
|
|
namespace: droneci
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods", "pods/exec", "services", "endpoints", "configmaps", "secrets", "persistentvolumeclaims"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments", "replicasets"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: drone-runner-rolebinding
|
|
namespace: droneci
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: droneci-sa
|
|
namespace: droneci
|
|
roleRef:
|
|
kind: Role
|
|
name: drone-runner-role
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: droneci-pv
|
|
labels:
|
|
type: local
|
|
spec:
|
|
capacity:
|
|
storage: 10Gi
|
|
accessModes: ["ReadWriteOnce"]
|
|
storageClassName: local-pvs
|
|
local:
|
|
path: /home/ansible/k3s/makhiwane/droneci
|
|
nodeAffinity:
|
|
required:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: In
|
|
values: ["lead"]
|
|
persistentVolumeReclaimPolicy: Retain
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: droneci-pvc
|
|
namespace: droneci
|
|
spec:
|
|
accessModes: ["ReadWriteOnce"]
|
|
storageClassName: local-pvs
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: drone
|
|
namespace: droneci
|
|
labels:
|
|
app.kubernetes.io/name: drone
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: drone
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: drone
|
|
spec:
|
|
hostAliases:
|
|
- ip: "192.168.1.160"
|
|
hostnames:
|
|
- "gitea.apps.mngoma.lab"
|
|
- "droneci.apps.mngoma.lab"
|
|
serviceAccountName: droneci-sa
|
|
containers:
|
|
- name: drone
|
|
image: drone/drone:latest
|
|
ports:
|
|
- containerPort: 80
|
|
name: http
|
|
env:
|
|
- name: DRONE_SERVER_HOST
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: droneci-config
|
|
key: server.domain
|
|
- name: DRONE_SERVER_PROTO
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: droneci-config
|
|
key: server.proto
|
|
- name: DRONE_SERVER_PORT
|
|
value: ":80"
|
|
- name: DRONE_TLS_AUTOCERT
|
|
value: "false"
|
|
- name: DRONE_LOGS_DEBUG
|
|
value: "true"
|
|
- name: DRONE_RPC_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: droneci-secret
|
|
key: server.rpctoken
|
|
- name: DRONE_DATABASE_DRIVER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: droneci-config
|
|
key: database.type
|
|
- name: DRONE_DATABASE_DATASOURCE
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: droneci-secret
|
|
key: database.connectstring
|
|
- name: DRONE_DB_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: droneci-secret
|
|
key: database.username
|
|
- name: DRONE_DB_PASS
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: droneci-secret
|
|
key: database.password
|
|
- name: DRONE_GITEA_SERVER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: droneci-config
|
|
key: gitea.server
|
|
- name: DRONE_GITEA_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: droneci-secret
|
|
key: gitea.clientid
|
|
- name: DRONE_GITEA_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: droneci-secret
|
|
key: gitea.clientsecret
|
|
- name: DRONE_GITEA_SKIP_VERIFY
|
|
value: "true"
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 80
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
failureThreshold: 3
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 80
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 20
|
|
failureThreshold: 3
|
|
volumeMounts:
|
|
- name: drone-storage
|
|
mountPath: /data
|
|
volumes:
|
|
- name: drone-storage
|
|
persistentVolumeClaim:
|
|
claimName: droneci-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: drone-server
|
|
namespace: droneci
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/name: drone
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
targetPort: 80
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: drone-runner
|
|
namespace: droneci
|
|
labels:
|
|
app.kubernetes.io/name: drone-runner
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: drone-runner
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: drone-runner
|
|
spec:
|
|
hostAliases:
|
|
- ip: "192.168.1.160"
|
|
hostnames:
|
|
- "gitea.apps.mngoma.lab"
|
|
- "droneci.apps.mngoma.lab"
|
|
serviceAccountName: droneci-sa
|
|
containers:
|
|
- name: runner
|
|
image: drone/drone-runner-kube:latest
|
|
ports:
|
|
- containerPort: 3000
|
|
env:
|
|
- name: DRONE_RPC_HOST
|
|
value: drone-server.droneci.svc.cluster.local
|
|
- name: DRONE_RPC_PROTO
|
|
value: "http"
|
|
- name: DRONE_RPC_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: droneci-secret
|
|
key: server.rpctoken
|
|
- name: DRONE_RUNNER_NAME
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: droneci-config
|
|
key: server.runnername
|
|
- name: DRONE_RUNNER_CAPACITY
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: droneci-config
|
|
key: server.runnercapacity
|
|
- name: DRONE_RUNNER_NETWORKS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: droneci-config
|
|
key: server.runnernetworks
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: droneci-web
|
|
namespace: droneci
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: Host(`droneci.apps.mngoma.lab`)
|
|
kind: Rule
|
|
services:
|
|
- name: drone-server
|
|
port: 80
|
|
scheme: http
|
|
tls: {}
|