# Drone server Service: the cluster-internal front door for the Drone UI/API.
# The runner below reaches it as "drone.apps" (Service name + namespace) and
# the Traefik IngressRoute forwards external HTTPS traffic to it.
apiVersion: v1
kind: Service
metadata:
  name: drone
  namespace: apps
spec:
  ports:
    # Plain HTTP. TLS is terminated at the ingress, so anything inside the
    # cluster that bypasses the ingress talks to Drone unencrypted.
    - port: 80
      targetPort: 80
  selector:
    app: drone
---
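# Drone CI server (drone/drone:2), fronted by the Traefik IngressRoute below.
# Credentials are pulled from the Secret named "secrets" in the "apps"
# namespace; only non-sensitive settings are inline values (all quoted, as in
# the runner Deployment, so no value can be retyped by the YAML parser).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone
  namespace: apps
spec:
  # Single replica; state lives in Postgres (see DRONE_DATABASE_DATASOURCE).
  replicas: 1
  selector:
    matchLabels:
      app: drone
  template:
    metadata:
      labels:
        app: drone
    spec:
      containers:
        - name: drone
          image: drone/drone:2
          # NOTE(review): no resources, securityContext or probes are set.
          # The container binds port 80, so dropping root needs care — confirm
          # before adding runAsNonRoot.
          env:
            # Must stay before DRONE_DATABASE_DATASOURCE: Kubernetes expands
            # $(POSTGRES_PASSWORD) only from variables defined earlier in this
            # list; move it and the literal "$(POSTGRES_PASSWORD)" is passed.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: POSTGRES_PASSWORD
            # Gitea OAuth application used for login; the client id/secret
            # come from the same Secret.
            - name: DRONE_GITEA_SERVER
              value: "https://gitea.nocodelytics.com"
            - name: DRONE_GITEA_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: GITEA_CLIENT_ID
            - name: DRONE_GITEA_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: GITEA_CLIENT_SECRET
            # Public hostname/scheme; must match the IngressRoute Host rule
            # and the OAuth callback registered in Gitea.
            - name: DRONE_SERVER_HOST
              value: "drone.nocodelytics.com"
            - name: DRONE_SERVER_PROTO
              value: "https"
            # Shared secret the runner presents over RPC; the same key is
            # reused by the runner and the secrets plugin further down.
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: DRONE_RPC_SECRET
            - name: DRONE_DATABASE_DRIVER
              value: "postgres"
            # The expanded password ends up in the container environment, and
            # sslmode=disable leaves the connection to postgres.databases
            # unencrypted within the cluster.
            - name: DRONE_DATABASE_DATASOURCE
              value: "postgres://postgres:$(POSTGRES_PASSWORD)@postgres.databases:5432/drone?sslmode=disable"
            # Log storage on an S3-compatible endpoint. Path-style addressing
            # and the custom endpoint suggest a self-hosted store rather than
            # AWS ("eu" is not an AWS region name) — confirm.
            - name: DRONE_S3_PATH_STYLE
              value: "true"
            - name: AWS_REGION
              value: "eu"
            - name: DRONE_S3_BUCKET
              value: "drone"
            # Debug logging is on; switch it off outside troubleshooting, as
            # verbose logs tend to persist more than you want.
            - name: DRONE_LOGS_DEBUG
              value: "true"
            # Endpoint URL is kept in the Secret (key AWS_ENDPOINTS).
            - name: DRONE_S3_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ENDPOINTS
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: AWS_SECRET_ACCESS_KEY
          ports:
            - containerPort: 80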
---
# Public HTTPS route for the Drone UI/API. Traefik terminates TLS with the
# "letsencrypt" certificate resolver (presumably defined in the Traefik
# static config) and forwards plain HTTP to the "drone" Service on port 80.
# traefik.containo.us/v1alpha1 is the Traefik v2 API group; Traefik v3 serves
# traefik.io/v1alpha1 instead.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: drone
  namespace: apps
spec:
  # Only the TLS entry point is bound; no plain-HTTP route or redirect is
  # defined here.
  entryPoints:
    - websecure
  routes:
    - match: Host(`drone.nocodelytics.com`)
      kind: Rule
      services:
        - name: drone
          port: 80
  tls:
    certResolver: letsencrypt
    domains:
      - main: drone.nocodelytics.com
---
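# Drone Docker runner: pulls pipelines from the server over RPC and executes
# each step as a container on the node's Docker daemon via the mounted
# docker.sock.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: apps
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-runner
  template:
    metadata:
      labels:
        app: drone-runner
    spec:
      containers:
        - name: runner
          image: drone/drone-runner-docker:1
          ports:
            # Runner dashboard port; presumably only served when a UI
            # username/password is configured, and none is set here — confirm.
            - containerPort: 3000
          env:
            # Server is reached in-cluster over plain HTTP through the "drone"
            # Service in the "apps" namespace.
            - name: DRONE_RPC_PROTO
              value: "http"
            - name: DRONE_RPC_HOST
              value: "drone.apps"
            # Shared secret authenticating this runner to the server.
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: DRONE_RPC_SECRET
            # One pipeline at a time.
            - name: DRONE_RUNNER_CAPACITY
              value: "1"
            - name: DRONE_RUNNER_NAME
              value: "k8s-runner"
            # Secrets plugin (drone-secrets Deployment in the "default"
            # namespace), also plain HTTP, so the plugin token below crosses
            # the cluster network unencrypted. Quoted like the other values.
            - name: DRONE_SECRET_ENDPOINT
              value: "http://drone-secrets.default:3000"
            # NOTE(review): DRONE_RPC_SECRET is reused as the plugin token, so
            # runner<->server and runner<->plugin share one credential; a
            # dedicated key in the Secret would limit the blast radius of a
            # leak (the plugin's SECRET_KEY would need the same change).
            - name: DRONE_SECRET_PLUGIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: DRONE_RPC_SECRET
          volumeMounts:
            - name: docker-sock
              mountPath: /var/run/docker.sock
      volumes:
        # Host Docker socket: control of it is equivalent to root on the node,
        # so the runner — and any pipeline it lets run privileged or mount host
        # paths — effectively has node root. Keep the node dedicated to CI, or
        # consider the Kubernetes runner, which does not need the socket.
        - name: docker-sock
          hostPath:
            path: /var/run/docker.sock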
---
# Identity for the drone-secrets plugin pod. It lives in "default", not
# "apps", so the Role, RoleBinding and the plugin's own "secrets" Secret all
# have to exist in "default" as well.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-secrets-service-account
  namespace: default
---
# Read access to every Secret in the "default" namespace, not only the ones
# meant for pipelines. Tighten with resourceNames once the set of secrets
# pipelines may request is known, and drop list/watch if the plugin only
# fetches secrets by name — confirm against the plugin.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secret-reader
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
---
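# Grants the plugin's ServiceAccount the secret-reader Role within "default".
# The subject namespace is spelled out so the binding does not depend on RBAC
# defaulting a ServiceAccount subject to the binding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drone-secrets-rolebinding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: drone-secrets-service-account
    namespace: default
roleRef:
  kind: Role
  name: secret-reader
  apiGroup: rbac.authorization.k8s.io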
---
# Drone Kubernetes secrets plugin: serves pipeline secrets read from the
# "default" namespace to the runner over plain HTTP on port 3000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-secrets
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-secrets
  template:
    metadata:
      labels:
        app: drone-secrets
    spec:
      # ServiceAccount bound to the secret-reader Role above.
      serviceAccountName: drone-secrets-service-account
      containers:
        - name: drone
          # NOTE(review): unpinned ":latest" tag — whatever is published next
          # is pulled on the next restart; pin to a tag or digest (e.g.
          # drone/kubernetes-secrets:<PINNED_TAG>) so the image can be reviewed
          # and rolled back.
          image: drone/kubernetes-secrets:latest
          ports:
            - containerPort: 3000
          env:
            # Token the runner must present (DRONE_SECRET_PLUGIN_TOKEN). This
            # reads the Secret named "secrets" in "default" — a different
            # object from the "secrets" Secret in "apps", so both must carry
            # the same DRONE_RPC_SECRET value. Anything in-cluster that knows
            # the token can query this endpoint; there is no NetworkPolicy or
            # TLS in front of it.
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: secrets
                  key: DRONE_RPC_SECRET
---
# ClusterIP Service for the secrets plugin; the runner addresses it as
# "drone-secrets.default:3000". It is reachable from every namespace in the
# cluster unless a NetworkPolicy restricts it.
apiVersion: v1
kind: Service
metadata:
  name: drone-secrets
  namespace: default
spec:
  ports:
    - port: 3000
      targetPort: 3000
  selector:
    app: drone-secrets