Refactor DroneCI

2023-12-29 10:36:05 +11:00 · 2023-12-29 10:36:05 +11:00 · e75f3c638f
commit e75f3c638f
parent 75cd0f2704
18 changed files with 286 additions and 303 deletions
--- a/services/DroneCI/_namespace-drone.yml
+++ b/services/DroneCI/_namespace-drone.yml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: drone
--- a/services/DroneCI/deploy-DroneCI.yml
+++ b/services/DroneCI/deploy-DroneCI.yml
@ -1,276 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: drone
-  namespace: drone
-spec:
-  ports:
-    - protocol: TCP
-      name: ui
-      port: 80
-  selector:
-    app: drone
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: drone
-  namespace: drone
-  labels:
-    app: drone
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: drone
-  template:
-    metadata:
-      labels:
-        app: drone
-    spec:
-      serviceAccountName: drone
-      containers:
-      - name: drone
-        image: drone/drone:latest
-        env:
-        - name: DRONE_SERVER_PROTO
-          value: 'https'
-        - name: DRONE_SERVER_HOST
-          value: 'ci.spamasaurus.com'
-        - name: DRONE_SERVER_PORT
-          value: ':80'
-        - name: DRONE_TLS_AUTOCERT
-          value: 'false'
-        - name: DRONE_GITEA_SERVER
-          value: 'https://code.spamasaurus.com'
-        - name: DRONE_GIT_ALWAYS_AUTH
-          value: 'false'
-        - name: DRONE_AGENTS_ENABLED
-          value: 'true'
-        - name: DRONE_USER_CREATE
-          value: 'username:djpbessems,admin:true'
-        - name: DRONE_TMATE_ENABLED
-          value: 'false'
-        envFrom:
-        - secretRef:
-            name: drone-secret
-        ports:
-          - name: ui
-            containerPort: 80
-        volumeMounts:
-        - mountPath: /data
-          name: flexvolsmb-drone-data
-      - name: drone-runner
-        image: drone/drone-runner-kube:latest
-        ports:
-        - containerPort: 3000
-        env:
-        - name: DRONE_RPC_HOST
-          value: 'ci.spamasaurus.com'
-        - name: DRONE_RPC_PROTO
-          value: 'https'
-        - name: DRONE_RUNNER_CAPACITY
-          value: '2'
-        - name: DRONE_RUNNER_MAX_PROCS
-          value: '3'
-        envFrom:
-        - secretRef:
-            name: drone-secret
-      volumes:
-      - name: flexvolsmb-drone-data
-        persistentVolumeClaim:
-          claimName: flexvolsmb-drone-data
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: drone
-  namespace: drone
-  labels:
-    app: drone
---
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: drone
-  namespace: drone
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`ci.spamasaurus.com`)
-    kind: Rule
-    services:
-    - name: drone
-      port: 80
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-drone-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/drone/data
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-drone-data
-  namespace: drone
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-data
-  resources:
-    requests:
-      storage: 1Gi
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-drone-certs
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-certs
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/traefikcertsdumper/export
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-drone-certs
-  namespace: drone
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-certs
-  resources:
-    requests:
-      storage: 10Gi
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-drone-output
-spec:
-  capacity:
-    storage: 50Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-output
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/websites/sn.itch.fyi/Repository/rel
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-drone-output
-  namespace: drone
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-output
-  resources:
-    requests:
-      storage: 50Gi
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-drone-scratch
-spec:
-  capacity:
-    storage: 50Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-scratch
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/drone/scratch
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-drone-scratch
-  namespace: drone
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-drone-scratch
-  resources:
-    requests:
-      storage: 50Gi
---
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: drone
-  namespace: drone
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - create
-      - delete
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - pods/log
-    verbs:
-      - get
-      - create
-      - delete
-      - list
-      - watch
-      - update
---
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: drone
-  namespace: drone
-subjects:
-  - kind: ServiceAccount
-    name: drone
-    namespace: default
-roleRef:
-  kind: Role
-  name: drone
-  apiGroup: rbac.authorization.k8s.io
--- a/services/DroneCI/deployment-drone.yaml
+++ b/services/DroneCI/deployment-drone.yaml
@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone
+  namespace: drone
+  labels:
+    app: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: drone
+  template:
+    metadata:
+      labels:
+        app: drone
+    spec:
+      serviceAccountName: drone
+      containers:
+      - name: drone
+        image: drone/drone:latest
+        env:
+        - name: DRONE_SERVER_PROTO
+          value: 'https'
+        - name: DRONE_SERVER_HOST
+          value: 'ci.spamasaurus.com'
+        - name: DRONE_SERVER_PORT
+          value: ':80'
+        - name: DRONE_TLS_AUTOCERT
+          value: 'false'
+        - name: DRONE_GITEA_SERVER
+          value: 'https://code.spamasaurus.com'
+        - name: DRONE_GIT_ALWAYS_AUTH
+          value: 'false'
+        - name: DRONE_AGENTS_ENABLED
+          value: 'true'
+        - name: DRONE_USER_CREATE
+          value: 'username:djpbessems,admin:true'
+        - name: DRONE_TMATE_ENABLED
+          value: 'false'
+        envFrom:
+        - secretRef:
+            name: drone
+        ports:
+          - name: ui
+            containerPort: 80
+        volumeMounts:
+        - mountPath: /data
+          name: flexvolsmb-drone-data
+      - name: drone-runner
+        image: drone/drone-runner-kube:latest
+        ports:
+        - containerPort: 3000
+        env:
+        - name: DRONE_RPC_HOST
+          value: 'ci.spamasaurus.com'
+        - name: DRONE_RPC_PROTO
+          value: 'https'
+        - name: DRONE_RUNNER_CAPACITY
+          value: '2'
+        - name: DRONE_RUNNER_MAX_PROCS
+          value: '3'
+        envFrom:
+        - secretRef:
+            name: drone
+      volumes:
+      - name: flexvolsmb-drone-data
+        persistentVolumeClaim:
+          claimName: flexvolsmb-drone-data
--- a/services/DroneCI/ingressroute-drone.yaml
+++ b/services/DroneCI/ingressroute-drone.yaml
@ -0,0 +1,17 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drone
+  namespace: drone
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`ci.spamasaurus.com`)
+    kind: Rule
+    services:
+    - name: drone
+      port: 80
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
--- a/services/DroneCI/persistentvolume-flexvolsmb-drone-certs.yaml
+++ b/services/DroneCI/persistentvolume-flexvolsmb-drone-certs.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-drone-certs
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-certs
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
+      server: 192.168.154.225
+      share: /K3s.Volumes/traefikcertsdumper/export
--- a/services/DroneCI/persistentvolume-flexvolsmb-drone-data.yaml
+++ b/services/DroneCI/persistentvolume-flexvolsmb-drone-data.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-drone-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-data
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
+      server: 192.168.154.225
+      share: /K3s.Volumes/drone/data
--- a/services/DroneCI/persistentvolume-flexvolsmb-drone-output.yaml
+++ b/services/DroneCI/persistentvolume-flexvolsmb-drone-output.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-drone-output
+spec:
+  capacity:
+    storage: 50Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-output
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
+      server: 192.168.154.225
+      share: /K3s.Volumes/lighttpd/websites/sn.itch.fyi/Repository/rel
--- a/services/DroneCI/persistentvolume-flexvolsmb-drone-scratch.yaml
+++ b/services/DroneCI/persistentvolume-flexvolsmb-drone-scratch.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-drone-scratch
+spec:
+  capacity:
+    storage: 50Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-scratch
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
+      server: 192.168.154.225
+      share: /K3s.Volumes/drone/scratch
--- a/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-certs.yaml
+++ b/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-certs.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-drone-certs
+  namespace: drone
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-certs
+  resources:
+    requests:
+      storage: 10Gi
--- a/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-data.yaml
+++ b/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-data.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-drone-data
+  namespace: drone
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-data
+  resources:
+    requests:
+      storage: 1Gi
--- a/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-output.yaml
+++ b/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-output.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-drone-output
+  namespace: drone
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-output
+  resources:
+    requests:
+      storage: 50Gi
--- a/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-scratch.yaml
+++ b/services/DroneCI/persistentvolumeclaim-flexvolsmb-drone-scratch.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-drone-scratch
+  namespace: drone
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-scratch
+  resources:
+    requests:
+      storage: 50Gi
--- a/services/DroneCI/role-drone.yaml
+++ b/services/DroneCI/role-drone.yaml
@ -0,0 +1,25 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: drone
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/log
+    verbs:
+      - get
+      - create
+      - delete
+      - list
+      - watch
+      - update
--- a/services/DroneCI/rolebinding-drone.yaml
+++ b/services/DroneCI/rolebinding-drone.yaml
@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: drone
+subjects:
+  - kind: ServiceAccount
+    name: drone
+    namespace: default
+roleRef:
+  kind: Role
+  name: drone
+  apiGroup: rbac.authorization.k8s.io
--- a/services/DroneCI/sealedSecret-DroneCI.yml
+++ b/services/DroneCI/sealedSecret-DroneCI.yml
@ -1,27 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "drone-secret",
-    "namespace": "default",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "drone-secret",
-        "namespace": "default",
-        "creationTimestamp": null,
-        "labels": {
-          "app": "drone"
-        }
-      },
-      "data": null
-    },
-    "encryptedData": {
-      "DRONE_GITEA_CLIENT_ID": "AgDcQCtyKJYBP4B2j4zMU/OqhWOJXw6r7jpom1ehXzcQH/Q5RtnTIYSkRtkuFu+PiAStLmJCfcdkGlnIBU5D5fThT5E9T9o4BWL7LyuQI+FzVx7jsvQ/mOSIy2ahdRGPIORenKjjVektmZxzIl2PwfYsKWuD8H8gJOm6l0OHi3cfDOdBpV59erUD+GiR4G4X70a0tu1zjfC4DDtfaj8wUnP0XVvrXC7Z5rCwNUEeJiFaJcq8ntQ+vRwfyjuCiNMJILj15X3ZdWH6CcjJceGVZ/qIE7mC4OdfWqpTyOwdIaodJX7H0ehnFXmf35cgTXWOjPGolA5jlN8Fcj5zchjQa9zkytdr90ruJGqs7ioDUQk00hVoQVQDjJPGe74Jfs55ml4sIx0piwk7WuatQZJzdHwLkflLRxKYOxQU3ubPMG+PO/pi5nsIEA3SvcG2s+8G9+hx6vxa7yqKGw6Lkqvged5p7On40Caq9LH3cqXbNGsWxOOcvNFBQLIEbb2Ck6He6BgoclG2+V2BRQqVRlsq1xf7dPP7A9Bt15IkdY+s4f+kkp/90kwwfziwNKkhBlymsPRPDkcpSgoioq0TIYpwOC3kAcoOa64dYBjzooL4/lwArcjZZgpETq4jzR5FIzIxH5U0UYIxduxH4uDGfLPgYS0HupJOw+ipW4PhEmtNVvC3POiH/s7S/Wom6PBncITcXqVx1/hcOkjG+kX/3anEnrUKr+QFdAxUzjocdKYi+TCKAAy9VbE=",
-      "DRONE_GITEA_CLIENT_SECRET": "AgCessVB1KOLF7JoZRPfLx/dW7dlJU1xdOfajiXciuU6VzCgpBv3ZxmZQLfQRKzNLnlHDOYog1mJYX7g2PANNZ61voHANa7K5wFKfqRE3kHbjHZ+FEdJxfoNOjqHzzOJcTsEm12GdKaVhnOE7WSz+hZmu1Z9Y8QOz5FwWTjblFZ14HNnGWGnd5is+ljwjM99H0TPKN9HZxM1XGQGM9bLR8vmohY6Uy+BUI7ih3hQZd21o86HBXHeid2h4C5/iGDnlhS36i6bA7olc7QJoH81LAMRX9q5U06Xp19jhzwHT4HEgIcvM5E+DfEAtNiLKcMgzPZ5Anor09ONjSAVR83PmI5Otw6/9dkPp2UMLSlI3OH/R5lGqdB4P54ltgaTJ/XDSEltOFMnUffitGdQCExW3eQ6QcHHrunRIMrnUwG6qjHT24eD9TON7rU5ccJtu6x5PcoJiigMPly3A4sKaQUK+Kj9WMqsLLu4lxtlLTs1Fud08DWnXVUZESvNZkLXM7CTE0H9VOxrvC0BnpoUwvC45LEyuwCxJkkbEsZutiPrWrbrY/dNIMxH+O5b4ZywsOd9PSKWZcxMKmtlV32r3NcnaZIfg6oeRKlGkdKYwAe5LsteaE58NKmKXTtt+M5aifUSSlg+f7UNI3Cb1Hzr2kyhkI8vswVfZrtaJWB2pM3AlzgXLdh/WoZKdrLPuaG9jC1OEP0IpeOJdacRWBlurHFnNAUDHM2c2f60KWncHVTOpjUigu19xUUoARHTGxKDUg==",
-      "DRONE_RPC_SECRET": "AgDVO1zyW7fGtMn9KcOIw442TrSQqWX/L2Y77AxUQasTrPf6zyNOVC714cnRfyKCZUFF8CacfmcZJw9yJ1YLzvIEDLFC//8yrJgFMEol0X6rako+uOu+yYMt74L/gr9BnAskL3AwGDzdPoeEunc0qBjQ5/x18/LEbKcCTa+FpoZ2eYQWoeGxD4sRtOyaz4d6pzn50ECoQ170Y5HSn0LDm6I7zPGMQYzD1uuuJlAel39PjI4iyIg1if2ppzS1ks4FDupwagettj6jQzcWIxW3zbAnxLFLJoqG6JH4rPIAV1oLyDumh3TJ9g2cw2UPa1hm6RxvwPeCvCTUTEUHuqoIE1vjuFVi2cD56Z7aLOj16yk2X2P23iiuUeEk7uA6k7IhO7c+nsmbkLPHvXnV3bXuyQYovVx29oFkuvbKFtEiJG5k5mzUqdkrb9Z+s/i8DkH50Ks6GrAenKDCHioi/UuYj7TbTyKYQY59w1q1S8FgMS1QyzlA+gLjUeQhZ7D3OaYFl0ZdyogGJie4gt+qGn1+ZSlgNMlFopO1cIz8AlLRPVH56LOJED0Ez8Fjjwg+B2/UN/KtB2bwsYlNzYIVOSa1NrxLe6GDxdqCsCiSdOLu9bBKN3MyQb2jF40Em0MqkUgJ0SmzQY8tSqZ7uu67qbbkwIGGZsql0h8t0vbIt2zX4wft7Rwtjj5OwxLwuV8ZS4SkUIxMVsr6xC9MnMGZ/qTzu4acJUOH9ykbBTdytgA0z2rz0Q=="
-    }
-  }
-}
--- a/services/DroneCI/sealedsecret-drone.yaml
+++ b/services/DroneCI/sealedsecret-drone.yaml
@ -0,0 +1,19 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: drone
+  namespace: drone
+spec:
+  encryptedData:
+    DRONE_GITEA_CLIENT_ID: AgCpCa3WzdcsQ102+c4RtkRGhxFqSKIn209dPd3E4eL6RgOAbPoeihxR+GslEwaapbt9VbkMS5O3uPNTqNEUDaz7s32S8qrmz2Ik7VLRGyKGvo/cQF2k0yzIEz1IZpgjNzpRWDgWN6LUBB01zEdZO2eGlEIFzJASfmLQdsYKb5shKMq+waObA1lUD/NHG2zhjXlXiYqCFqGh9sxFTudnrt+mVd8Yug2EOwStk5XDnMKh+xMJ3FWVry7tZlWGroa0PwGYnMV6JKCviFRdz1ksC8qu8D+ONAN10H9RhTq2pUtGErAGVew4hUKRUYbBP/jz5bZcJ0qhIHYLHbj67w1KuWflLt247EXXPYBeBkwhFBrKW9OowVttZJ/501mVpRwX/gdG7/CQhbzc5pgnMnVQiBQJbUM9f3xCPjJQp1KANkY4t353qx/+fd/OFwfwFiFqxPbvyC+e3IkxeyaFRb/U3zS6/Gsr3Ib1YTf8/3XUnmEJG86jyGycCNLapfdzubMtW7Z696GtXf0NbuUQ2ipE5k45fp5icIiskEHtub0bn2lu/9iZ1N765N5iFZ9f+GTSBAse7VqrjjUClNHLyp2UTOD7Y49ygo5QvmUr5RwQ8K9+MCkDBw1k4tB5+7CsFBez7C90zSKs/oWp78jHLcBglkR0wPQhPpuab50Fq+loGhF//DG2DPn5XKQveSF9kAglRNIHEDZ6HE/p0UEljxI6Nv3+vMjQPBUVPTKAlm+MyXOm9Qoyj2c=
+    DRONE_GITEA_CLIENT_SECRET: AgATrbXMSvR6QDM2LhWO+T4otJ4VPFYC0vmZgqlXRQweyj3dw4EB40CkFmWIniBWyPw4bu5OEU6t2EewXqz843uGKVDTO6SqVca8BW0bJnD6+wo38lI9bidBnuRZESWv13pBhjSqcqBNC26p7RNPBOQqwRhrPazsSYYPvum/em3Nsfsky7gq3LBwUIDJRmtHXYdkTbpJxtFsctGwKUHPVXQqIhn4Qg+Bq+dTfr2Oi83lvsS1bWDrxEGNTwQbuvyM+H/PEwfWNqgiw7y/+DYFD6WOxW8VChxhijcBZStTD1q7iu4RgSmQfhMUToC1lWmo+g2LBKyFWZDlOyOKEA6qeBNzscq2hCIbreEblD15vKN0bbNULC6wI4lQFtWgZelm8s4nrhNFMMGINLrik8i1kxk7u+nEs9/jfeaNryc2yPkaUwpd9IBiKjosJZtcmhw4dwLeoH6mlCZzI8QFbM+lZT/h3zX5o/vMDkMyHN3golxyHGmC6l75VVSPOOMMd7U+0MtieCMFqFrRwS1uuCsRMwulzddOWqKBLGj0j9Uwo6+GYRJvX/b4Cju23H8TZqoXiWGeEm5D3xnKv2HinchDkxGiD4x6mHlDOj6oMEyVsA648mE2zdRe/xSl6RU5Pmb81eZCOaW8tQz22d4SXlCI7SCcpJWunAQ5iLHtM6rJhB7ze4JASMJqAPH97bI51dCCF7mnWb2ACuCLm41/sUcLREGJlojnysPmCP7ape5gmWbGBggZESnBwc8GDNbG6Q==
+    DRONE_RPC_SECRET: AgBpDlIFB+xa56H5p1MrhrdDFPUYQ4bWKSFbgiI1y72eaFwMw8fpwhFpgLIwckxrieinLMzKOUuWYaOTNPLdIDyq72S4udUlAWx6wbSr2F4Fr9fZqsJ/aHP166DOGKRgDDVM5tLYgvwJkmhW+TDvFySeUC62t48wc9WXNA2+Uk+m0FHQIE3GveZ1RbuoqhWuNX2/KnPqM3t58Sj0l8z/apfXwSWKW47wioR6JSSQyWjM5J3YS8idMCp4YhpEStN23+D/cyAo8xSsN9fBGmyxeAQmsfZ3NG4LCDysOg1+uiTPcRrrLb7cE4JiUFq/gBvQrKbwa6S2iVquaCWrHAfkzPYuURqbAPwiNdGXVOhYxXfm9q4vwo9LAhanr7DZS/hReJI8zlUTBJqwi3O8nw6I+C38bmgFSTqsQMl4tuiAYc8PGP5lygC2xWdXL7iUWR1dydcyLRpZTqNrnHy+FqtXtJV8ZY6C5lixAdxeH+yLXUJ6HNzq46pQptW3dOyLv/WM3THY9lReMI4DMlGpABz7YLGjoSLiD17m9hBu0/Sedv4V2kPxdFleQqa5Ft+EHejULOdX+E104IYLbknR+cJemrh6EiEWU/rXCFtKsCuKhdqzhKkKJaZQ6XtoO0CMichqk104SUKirRrz+5bf2XFIzoGGI02lJV2fHvxx8KvME2U3XzyZDgb5wppI62yf/qXNQgMNenEzNL3aPXf+HSunqCc2PZr9s6fGu/n7iKE68EsbNg==
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: drone
+      name: drone
+      namespace: drone
+    type: Opaque
--- a/services/DroneCI/service-drone.yaml
+++ b/services/DroneCI/service-drone.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: drone
+  namespace: drone
+spec:
+  ports:
+    - protocol: TCP
+      name: ui
+      port: 80
+  selector:
+    app: drone
--- a/services/DroneCI/serviceaccount-drone.yaml
+++ b/services/DroneCI/serviceaccount-drone.yaml
@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: drone
+  namespace: drone
+  labels:
+    app: drone