diff --git a/drone/drone-runner.yaml b/drone/drone-runner.yaml new file mode 100644 index 0000000..c999aca --- /dev/null +++ b/drone/drone-runner.yaml @@ -0,0 +1,73 @@ +# Copied from https://docs.drone.io/runner/kubernetes/installation/ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: drone + name: drone-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - create + - delete + - list + - watch + - update +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: drone-runner + namespace: drone +subjects: +- kind: ServiceAccount + name: default + namespace: drone +roleRef: + kind: Role + name: drone-runner + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: drone + name: drone-runner + labels: + app.kubernetes.io/name: drone-runner +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: drone-runner + template: + metadata: + labels: + app.kubernetes.io/name: drone-runner + spec: + containers: + - name: drone-runner + image: drone/drone-runner-kube:latest + ports: + - containerPort: 3000 + env: + - name: DRONE_RPC_HOST + valueFrom: + configMapKeyRef: {"name": "drone-server-config", "key": "DRONE_SERVER_HOST"} + - name: DRONE_RPC_PROTO + valueFrom: + configMapKeyRef: {"name": "drone-server-config", "key": "DRONE_SERVER_PROTO"} + - name: DRONE_RPC_SECRET + valueFrom: + secretKeyRef: {"name": "drone-server-secret", "key": "DRONE_RPC_SECRET"} diff --git a/drone/drone-server.yaml b/drone/drone-server.yaml new file mode 100644 index 0000000..879a7bc --- /dev/null +++ b/drone/drone-server.yaml @@ -0,0 +1,105 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: drone +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: drone + name: drone-server-config +data: + DRONE_SERVER_HOST: ci.csclub.uwaterloo.ca + DRONE_SERVER_PROTO: https +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: drone + name: drone-server-secret + labels: + app: drone-server +stringData: + DRONE_DATABASE_DATASOURCE: REPLACE_ME + DRONE_GITEA_CLIENT_ID: REPLACE_ME + DRONE_GITEA_CLIENT_SECRET: REPLACE_ME + DRONE_RPC_SECRET: REPLACE_ME +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: drone + name: drone-server + labels: + app: drone-server +spec: + selector: + matchLabels: + app: drone-server + template: + metadata: + labels: + app: drone-server + spec: + containers: + - name: drone-server + image: drone/drone:1 + ports: + - name: http + containerPort: 80 + env: + - name: DRONE_GITEA_SERVER + value: https://git.csclub.uwaterloo.ca + - name: DRONE_SERVER_HOST + valueFrom: + configMapKeyRef: {"name": "drone-server-config", "key": "DRONE_SERVER_HOST"} + - name: DRONE_SERVER_PROTO + valueFrom: + configMapKeyRef: {"name": "drone-server-config", "key": "DRONE_SERVER_PROTO"} + - name: DRONE_DATABASE_DRIVER + value: postgres + - name: DRONE_USER_CREATE + value: "username:sysadmin,admin:true" + - name: DRONE_GITEA_CLIENT_ID + valueFrom: + secretKeyRef: {"name": "drone-server-secret", "key": "DRONE_GITEA_CLIENT_ID"} + - name: DRONE_GITEA_CLIENT_SECRET + valueFrom: + secretKeyRef: {"name": "drone-server-secret", "key": "DRONE_GITEA_CLIENT_SECRET"} + - name: DRONE_RPC_SECRET + valueFrom: + secretKeyRef: {"name": "drone-server-secret", "key": "DRONE_RPC_SECRET"} + - name: DRONE_DATABASE_DATASOURCE + valueFrom: + secretKeyRef: {"name": "drone-server-secret", "key": "DRONE_DATABASE_DATASOURCE"} +--- +apiVersion: v1 +kind: Service +metadata: + name: drone-service + namespace: drone +spec: + selector: + app: drone-server + ports: + - protocol: TCP + port: 80 + targetPort: 80 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: drone-ingress + namespace: drone +spec: + rules: + - host: ci.csclub.uwaterloo.ca + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: drone-service + port: + number: 80