Add drone

Julius 2022-05-23 23:27:50 +02:00
parent e8ceba34f1
commit 4d1f68cd83
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
12 changed files with 249 additions and 0 deletions


@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-deployment
namespace: drone
labels:
app: drone-deployment
# keel.sh/policy: force
spec:
replicas: 1
selector:
matchLabels:
app: drone-deployment
template:
metadata:
labels:
app: drone-deployment
spec:
containers:
- name: drone-deployment
image: drone/drone:2
ports:
- containerPort: 80
env:
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: drone-secrets
key: gitea-client-id
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: drone-secrets
key: gitea-client-secret
- name: DRONE_GITEA_SERVER
valueFrom:
secretKeyRef:
name: drone-secrets
key: gitea-server
- name: DRONE_GIT_ALWAYS_AUTH
valueFrom:
secretKeyRef:
name: drone-secrets
key: git-always-auth
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secrets
key: drone-rpc-secret
- name: DRONE_SERVER_HOST
valueFrom:
secretKeyRef:
name: drone-secrets
key: drone-server-host
- name: DRONE_SERVER_PROTO
valueFrom:
secretKeyRef:
name: drone-secrets
key: drone-server-proto
imagePullSecrets:
- name: registry-creds
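Review bot: The server image is referenced by the floating tag `drone/drone:2`, and the runner Deployment later in this commit uses `drone/drone-runner-kube:latest`, so what runs in the cluster can change without any commit to this repository. For a component that holds the Gitea OAuth client secret and the RPC secret, pin both images to an exact release and preferably a digest, e.g. `image: drone/drone:<PINNED_VERSION>@sha256:<DIGEST>` (placeholders). With `:latest` the default pull policy is `Always`, so any runner restart silently picks up whatever was last pushed.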


@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: drone
name: drone-deployment-ingress
spec:
rules:
- host: "drone.voidcorp.nl"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: drone-deployment-service
port:
number: 80
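Review bot: The rule matches `host: "drone.voidcorp.nl"`, while the reverse-proxy hunk at the end of this commit adds `virtualHosts."drone.asraphiel.dev"`. If `k8sProxy` forwards the original Host header (its definition is not visible here), requests for that name will not match this rule. Align the two hostnames, and check that the `drone-server-host` value in Vault is the same public name, since the OAuth redirect to Gitea is built from it. The Ingress has no `tls:` block, which is fine only if TLS is terminated at the front proxy; a one-line comment such as `# TLS terminated at the front proxy` would record that.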


@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- registry-creds.yaml
- rbac.yaml
- drone-deployment.yaml
- ingress.yaml
- service.yaml
- runner.yaml
- secret.yaml


@ -0,0 +1,40 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: drone
name: drone
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone
namespace: drone
subjects:
- kind: ServiceAccount
name: default
namespace: drone
roleRef:
kind: Role
name: drone
apiGroup: rbac.authorization.k8s.io
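Review bot: The RoleBinding grants this Role to the namespace's `default` ServiceAccount, so every pod in `drone` that does not set `serviceAccountName` receives a token that can create and delete Secrets and create pods. That includes the Drone server Deployment and, presumably, the pipeline pods the runner launches here (`DRONE_NAMESPACE_DEFAULT` is `drone`). Bind the Role to a dedicated account instead, set `serviceAccountName: drone-runner` on the runner pod spec only, and consider `automountServiceAccountToken: false` on the server pod. The account name in the sketch below is a suggestion, not something the commit defines.

```yaml
kind: ServiceAccount
apiVersion: v1
metadata:
  name: drone-runner
  namespace: drone
---
# … unchanged: Role "drone" and the RoleBinding metadata/roleRef …
subjects:
  - kind: ServiceAccount
    name: drone-runner
    namespace: drone
```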


@ -0,0 +1,19 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: registry-creds
namespace: drone
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: registry-creds
template:
type: kubernetes.io/dockerconfigjson
data:
- secretKey: .dockerconfigjson
remoteRef:
key: k8s/registry-creds
property: dockerconfigjson


@ -0,0 +1,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone
namespace: drone
labels:
app.kubernetes.io/name: drone
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: drone
template:
metadata:
labels:
app.kubernetes.io/name: drone
spec:
containers:
- name: runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-secrets
key: drone-rpc-secret
- name: DRONE_RPC_HOST
valueFrom:
secretKeyRef:
name: drone-secrets
key: drone-server-host
- name: DRONE_RPC_PROTO
valueFrom:
secretKeyRef:
name: drone-secrets
key: drone-server-proto
- name: DRONE_NAMESPACE_DEFAULT
value: drone


@ -0,0 +1,41 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: drone-secrets
namespace: drone
spec:
refreshInterval: "15s"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: drone-secrets
data:
- secretKey: drone-rpc-secret
remoteRef:
key: k8s/drone
property: drone-rpc-secret
- secretKey: drone-server-host
remoteRef:
key: k8s/drone
property: drone-server-host
- secretKey: drone-server-proto
remoteRef:
key: k8s/drone
property: drone-server-proto
- secretKey: git-always-auth
remoteRef:
key: k8s/drone
property: git-always-auth
- secretKey: gitea-client-id
remoteRef:
key: k8s/drone
property: gitea-client-id
- secretKey: gitea-client-secret
remoteRef:
key: k8s/drone
property: gitea-client-secret
- secretKey: gitea-server
remoteRef:
key: k8s/drone
property: gitea-server
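Review bot: `refreshInterval: "15s"` makes the operator re-read `k8s/drone` from Vault every 15 seconds, while `registry-creds` in this same commit uses `"5m"`. Both Deployments consume these keys through `secretKeyRef` environment variables, which are only read at container start, so the fast polling adds Vault load and audit-log noise without making a rotation take effect sooner. Suggest `refreshInterval: "5m"` or longer, plus a comment such as `# pods must be restarted after rotating k8s/drone`.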


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
namespace: drone
name: drone-deployment-service
spec:
selector:
app: drone-deployment
ports:
- protocol: TCP
port: 80
targetPort: 80


@ -4,3 +4,4 @@ resources:
- test
- authentik
- networking
- drone


@ -0,0 +1,6 @@
kind: Namespace
apiVersion: v1
metadata:
name: drone
labels:
name: drone
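Review bot: The namespace that will host CI pipeline pods is created without any `pod-security.kubernetes.io/*` labels, so admission falls back to the cluster-wide default for whatever pod specs the runner submits. If Pod Security Admission is enabled on this cluster, consider adding `pod-security.kubernetes.io/enforce: baseline` under `labels:`, or at least the `warn`/`audit` variants. Check first that no existing pipeline relies on privileged steps.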


@ -5,3 +5,4 @@ resources:
- external-secrets.yaml
- authentik.yaml
- traefik.yaml
- drone.yaml


@ -52,6 +52,7 @@ in {
proxy "http://vaultwarden.lxd:8000/";
virtualHosts."whoami.asraphiel.dev" = k8sProxy;
virtualHosts."auth.asraphiel.dev" = k8sProxy;
virtualHosts."drone.asraphiel.dev" = k8sProxy;
};
security.acme.email = "acme@voidcorp.nl";