apiVersion: v1
kind: Service
metadata:
  name: drone
  namespace: apps
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: drone
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone
  namespace: apps
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone
  template:
    metadata:
      labels:
        app: drone
    spec:
      containers:
        - name: drone
          image: drone/drone:2
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_PASSWORD
            - name: DRONE_GITEA_SERVER
              value: "https://gitea.nocodelytics.com"
            - name: DRONE_GITEA_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: GITEA_CLIENT_ID
            - name: DRONE_GITEA_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: GITEA_CLIENT_SECRET
            - name: DRONE_SERVER_HOST
              value: drone.nocodelytics.com
            - name: DRONE_SERVER_PROTO
              value: https
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: DRONE_RPC_SECRET
            - name: DRONE_DATABASE_DRIVER
              value: postgres
            - name: DRONE_DATABASE_DATASOURCE
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_URL
            - name: DRONE_S3_PATH_STYLE
              value: "true"
            - name: AWS_REGION
              value: eu
            - name: DRONE_S3_BUCKET
              value: drone
            - name: DRONE_S3_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ENDPOINTS
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_SECRET_ACCESS_KEY
          ports:
            - containerPort: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: drone
  namespace: apps
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`drone.nocodelytics.com`)
      kind: Rule
      services:
        - name: drone
          port: 80
  tls:
    certResolver: letsencrypt
    domains:
      - main: drone.nocodelytics.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: apps
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-runner
  template:
    metadata:
      labels:
        app: drone-runner
    spec:
      containers:
        - name: runner
          image: drone/drone-runner-docker:1
          ports:
            - containerPort: 3000
          env:
            - name: DRONE_RPC_PROTO
              value: "http"
            - name: DRONE_RPC_HOST
              value: "drone.apps"
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: DRONE_RPC_SECRET
            - name: DRONE_RUNNER_CAPACITY
              value: "1"
            - name: DRONE_RUNNER_NAME
              value: "k8s-runner"
          volumeMounts:
            - name: docker-sock
              mountPath: /var/run/docker.sock
      volumes:
        - name: docker-sock
          hostPath:
            path: /var/run/docker.sock
---