apiVersion: v1 kind: Service metadata: name: drone spec: ports: - protocol: TCP name: ui port: 80 selector: app: drone --- apiVersion: apps/v1 kind: Deployment metadata: name: drone labels: app: drone spec: replicas: 1 selector: matchLabels: app: drone template: metadata: labels: app: drone spec: serviceAccountName: drone containers: - name: drone image: drone/drone:latest env: - name: DRONE_SERVER_PROTO value: 'https' - name: DRONE_SERVER_HOST value: 'ci.spamasaurus.com' - name: DRONE_SERVER_PORT value: ':80' - name: DRONE_TLS_AUTOCERT value: 'false' - name: DRONE_GITEA_SERVER value: 'https://code.spamasaurus.com' - name: DRONE_GIT_ALWAYS_AUTH value: 'false' - name: DRONE_AGENTS_ENABLED value: 'true' - name: DRONE_USER_CREATE value: 'username:djpbessems,admin:true' - name: DRONE_TMATE_ENABLED value: 'false' envFrom: - secretRef: name: drone-secret ports: - name: ui containerPort: 80 volumeMounts: - mountPath: /data name: flexvolsmb-drone-data - name: drone-runner image: drone/drone-runner-kube:latest ports: - containerPort: 3000 env: - name: DRONE_RPC_HOST value: 'ci.spamasaurus.com' - name: DRONE_RPC_PROTO value: 'https' - name: DRONE_RUNNER_CAPACITY value: '2' - name: DRONE_RUNNER_MAX_PROCS value: '3' envFrom: - secretRef: name: drone-secret volumes: - name: flexvolsmb-drone-data persistentVolumeClaim: claimName: flexvolsmb-drone-data --- apiVersion: v1 kind: ServiceAccount metadata: name: drone labels: app: drone --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: drone spec: entryPoints: - websecure routes: - match: Host(`ci.spamasaurus.com`) kind: Rule services: - name: drone port: 80 middlewares: - name: security-headers@file - name: compression@file --- apiVersion: v1 kind: PersistentVolume metadata: name: flexvolsmb-drone-data spec: capacity: storage: 1Gi accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-data flexVolume: driver: mount/smb secretRef: name: smb-secret options: opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl server: 192.168.11.225 share: /K3s.Volumes/drone/data --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: flexvolsmb-drone-data namespace: default spec: accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-data resources: requests: storage: 1Gi --- apiVersion: v1 kind: PersistentVolume metadata: name: flexvolsmb-drone-certs spec: capacity: storage: 10Gi accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-certs flexVolume: driver: mount/smb secretRef: name: smb-secret options: opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 server: 192.168.11.225 share: /K3s.Volumes/traefikcertsdumper/export --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: flexvolsmb-drone-certs namespace: default spec: accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-certs resources: requests: storage: 10Gi --- apiVersion: v1 kind: PersistentVolume metadata: name: flexvolsmb-drone-output spec: capacity: storage: 50Gi accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-output flexVolume: driver: mount/smb secretRef: name: smb-secret options: opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 server: 192.168.11.225 share: /K3s.Volumes/lighttpd/websites/sn.itch.fyi/Repository/rel --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: flexvolsmb-drone-output namespace: default spec: accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-output resources: requests: storage: 50Gi --- apiVersion: v1 kind: PersistentVolume metadata: name: flexvolsmb-drone-scratch spec: capacity: storage: 50Gi accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-scratch flexVolume: driver: mount/smb secretRef: name: smb-secret options: opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 server: 192.168.11.225 share: /K3s.Volumes/drone/scratch --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: flexvolsmb-drone-scratch namespace: default spec: accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-scratch resources: requests: storage: 50Gi --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: drone rules: - apiGroups: - "" resources: - secrets verbs: - create - delete - apiGroups: - "" resources: - pods - pods/log verbs: - get - create - delete - list - watch - update --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: drone namespace: default subjects: - kind: ServiceAccount name: drone namespace: default roleRef: kind: Role name: drone apiGroup: rbac.authorization.k8s.io