Kubernetes.K3s.installLog/services/DroneCI/deploy-DroneCI.yml

273 lines
5.5 KiB
YAML

apiVersion: v1
kind: Service
metadata:
name: drone
spec:
ports:
- protocol: TCP
name: ui
port: 80
selector:
app: drone
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone
labels:
app: drone
spec:
replicas: 1
selector:
matchLabels:
app: drone
template:
metadata:
labels:
app: drone
spec:
serviceAccountName: drone
containers:
- name: drone
image: drone/drone:latest
env:
- name: DRONE_SERVER_PROTO
value: 'https'
- name: DRONE_SERVER_HOST
value: 'ci.spamasaurus.com'
- name: DRONE_SERVER_PORT
value: ':80'
- name: DRONE_TLS_AUTOCERT
value: 'false'
- name: DRONE_GITEA_SERVER
value: 'https://code.spamasaurus.com'
- name: DRONE_GIT_ALWAYS_AUTH
value: 'false'
- name: DRONE_AGENTS_ENABLED
value: 'true'
- name: DRONE_USER_CREATE
value: 'username:djpbessems,admin:true'
- name: DRONE_TMATE_ENABLED
value: 'false'
envFrom:
- secretRef:
name: drone-secret
ports:
- name: ui
containerPort: 80
volumeMounts:
- mountPath: /data
name: flexvolsmb-drone-data
- name: drone-runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_HOST
value: 'ci.spamasaurus.com'
- name: DRONE_RPC_PROTO
value: 'https'
- name: DRONE_RUNNER_CAPACITY
value: '2'
- name: DRONE_RUNNER_MAX_PROCS
value: '3'
envFrom:
- secretRef:
name: drone-secret
volumes:
- name: flexvolsmb-drone-data
persistentVolumeClaim:
claimName: flexvolsmb-drone-data
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: drone
labels:
app: drone
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: drone
spec:
entryPoints:
- websecure
routes:
- match: Host(`ci.spamasaurus.com`)
kind: Rule
services:
- name: drone
port: 80
middlewares:
- name: security-headers@file
- name: compression@file
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-drone-data
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-data
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/drone/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-drone-data
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-data
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-drone-certs
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-certs
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/traefikcertsdumper/export
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-drone-certs
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-certs
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-drone-output
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-output
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/lighttpd/websites/sn.itch.fyi/Repository/rel
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-drone-output
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-output
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-drone-scratch
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-scratch
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
server: 192.168.11.225
share: /K3s.Volumes/drone/scratch
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-drone-scratch
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-scratch
resources:
requests:
storage: 50Gi
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: drone
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone
namespace: default
subjects:
- kind: ServiceAccount
name: drone
namespace: default
roleRef:
kind: Role
name: drone
apiGroup: rbac.authorization.k8s.io