From 6bd183d274de2f61c94c2ed5e24ce9228ada4ab3 Mon Sep 17 00:00:00 2001
From: Victor
Date: Fri, 27 May 2022 15:20:29 +0200
Subject: [PATCH] deploy drone
---
 .../apps/gitops/drone/external-secret.yaml | 27 ++++++++++++++
 .../apps/gitops/drone/kustomization.yaml | 6 ++++
 flux/cluster/apps/gitops/drone/runner.yaml | 35 +++++++++++++++++++
 flux/cluster/apps/gitops/drone/server.yaml | 30 ++++++++++++++++
 .../flux-system/charts/helm/drone-charts.yaml | 10 ++++++
 .../charts/helm/kustomization.yaml | 1 +
 flux/cluster/core/namespaces/drone-build.yaml | 5 +++
 .../core/namespaces/kustomization.yaml | 1 +
 nixos/hosts/database/configuration.nix | 3 +-
 nixos/hosts/nginx/configuration.nix | 1 +
 10 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 flux/cluster/apps/gitops/drone/external-secret.yaml
 create mode 100644 flux/cluster/apps/gitops/drone/kustomization.yaml
 create mode 100644 flux/cluster/apps/gitops/drone/runner.yaml
 create mode 100644 flux/cluster/apps/gitops/drone/server.yaml
 create mode 100644 flux/cluster/base/flux-system/charts/helm/drone-charts.yaml
 create mode 100644 flux/cluster/core/namespaces/drone-build.yaml
diff --git a/flux/cluster/apps/gitops/drone/external-secret.yaml b/flux/cluster/apps/gitops/drone/external-secret.yaml
new file mode 100644
index 0000000..b8f2845
--- /dev/null
+++ b/flux/cluster/apps/gitops/drone/external-secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: drone
+ namespace: gitops
+spec:
+ refreshInterval: "5m"
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: drone
+ data:
+ - secretKey: DRONE_RPC_SECRET
+ remoteRef:
+ key: gitops/drone
+ property: drone_rpc_secret
+
+ - secretKey: DRONE_GITEA_CLIENT_ID
+ remoteRef:
+ key: gitops/drone
+ property: drone_gitea_client_id
+
+ - secretKey: DRONE_GITEA_CLIENT_SECRET
+ remoteRef:
+ key: gitops/drone
+ property: drone_gitea_client_secret
diff --git a/flux/cluster/apps/gitops/drone/kustomization.yaml b/flux/cluster/apps/gitops/drone/kustomization.yaml
new file mode 100644
index 0000000..8839b33
--- /dev/null
+++ b/flux/cluster/apps/gitops/drone/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - server.yaml
+ - runner.yaml
+ - external-secret.yaml
diff --git a/flux/cluster/apps/gitops/drone/runner.yaml b/flux/cluster/apps/gitops/drone/runner.yaml
new file mode 100644
index 0000000..a00518f
--- /dev/null
+++ b/flux/cluster/apps/gitops/drone/runner.yaml
@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: drone-runner-kube
+ namespace: gitops
+spec:
+ interval: 1h
+ chart:
+ spec:
+ chart: drone-runner-kube
+ version: 0.1.8
+ sourceRef:
+ kind: HelmRepository
+ name: drone-charts
+ namespace: flux-system
+ valuesFrom:
+ - kind: Secret
+ name: drone
+ valuesKey: DRONE_RPC_SECRET
+ targetPath: env.DRONE_RPC_SECRET
+ values:
+ image:
+ repository: drone/drone-runner-kube
+ tag: 1.0.0-rc.3
+ ingress:
+ enabled: true
+ host: drone.0x76.dev
+ paths:
+ - path: /
+ pathType: Prefix
+ rbac:
+ buildNamespaces:
+ - drone-build
+ env:
+ DRONE_NAMESPACE_DEFAULT: drone-build
diff --git a/flux/cluster/apps/gitops/drone/server.yaml b/flux/cluster/apps/gitops/drone/server.yaml
new file mode 100644
index 0000000..df4a0e8
--- /dev/null
+++ b/flux/cluster/apps/gitops/drone/server.yaml
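Review bot: The `valuesFrom` entry in runner.yaml copies `DRONE_RPC_SECRET` out of the `drone` Secret into the chart value `env.DRONE_RPC_SECRET`, so the shared RPC secret is written into the stored Helm release values and, if this chart renders `env` into a ConfigMap (not visible here), into an object readable without Secret access. server.yaml in the same patch passes the Secret by reference with `extraSecretNamesForEnvFrom`; if the runner chart offers the same key, use it with a runner-only Secret that holds just the RPC secret, since `drone` also carries the Gitea OAuth client credentials, which the runner does not need. Separately, the `ingress` block publishes the runner on `drone.0x76.dev` while the server release sets no ingress values, which looks misplaced. As far as I know the runner only makes outbound calls to the server, so I would drop `ingress.enabled: true` here unless there is a reason to expose it.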
@@ -0,0 +1,30 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: drone
+ namespace: gitops
+spec:
+ interval: 1h
+ chart:
+ spec:
+ chart: drone
+ version: 0.2.5
+ sourceRef:
+ kind: HelmRepository
+ name: drone-charts
+ namespace: flux-system
+ values:
+ image:
+ repository: drone/drone
+ tag: 2.12.0
+ persistentVolume:
+ enabled: false
+ extraSecretNamesForEnvFrom:
+ - drone
+ env:
+ DRONE_DATABASE_DRIVER: postgres
+ DRONE_DATABASE_DATASOURCE: postgres://drone@10.42.42.26/drone?sslmode=disable
+ DRONE_GIT_ALWAYS_AUTH: true
+ DRONE_GITEA_SERVER: https://git.0x76.dev
+ DRONE_SERVER_HOST: drone.0x76.dev
+ DRONE_SERVER_PROTO: https
diff --git a/flux/cluster/base/flux-system/charts/helm/drone-charts.yaml b/flux/cluster/base/flux-system/charts/helm/drone-charts.yaml
new file mode 100644
index 0000000..e88ec5a
--- /dev/null
+++ b/flux/cluster/base/flux-system/charts/helm/drone-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: drone-charts
+ namespace: flux-system
+spec:
+ interval: 15m
+ url: https://charts.drone.io
+ timeout: 3m
diff --git a/flux/cluster/base/flux-system/charts/helm/kustomization.yaml b/flux/cluster/base/flux-system/charts/helm/kustomization.yaml
index 5390dac..462fbd7 100644
--- a/flux/cluster/base/flux-system/charts/helm/kustomization.yaml
+++ b/flux/cluster/base/flux-system/charts/helm/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
 - external-secrets-charts.yaml
 - authentik-charts.yaml
 - fairwinds-charts.yaml
+ - drone-charts.yaml
diff --git a/flux/cluster/core/namespaces/drone-build.yaml b/flux/cluster/core/namespaces/drone-build.yaml
new file mode 100644
index 0000000..de9788d
--- /dev/null
+++ b/flux/cluster/core/namespaces/drone-build.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: drone-build
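Review bot: `DRONE_DATABASE_DATASOURCE` in server.yaml connects as `drone` with no password and `sslmode=disable`, so the database presumably accepts this role on network address alone, and everything Drone stores there crosses the cluster-to-database link in clear text. I would move the whole datasource into the Vault-backed `drone` Secret that is already referenced through `extraSecretNamesForEnvFrom`, give the role a password, and switch to `sslmode=verify-full` (or at least `require`) once the PostgreSQL host serves TLS. No `DRONE_DATABASE_SECRET` is set either, so repository secrets would sit unencrypted in that database; adding it to the same Secret closes that. It is also worth deciding who may log in: without `DRONE_USER_FILTER` or `DRONE_REGISTRATION_CLOSED: true`, any account on `git.0x76.dev` can presumably sign in and run builds.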
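Review bot: The `drone-build` namespace is created with no labels or companion policies, yet runner.yaml points pipeline pods at it with `DRONE_NAMESPACE_DEFAULT: drone-build`, so pods running repository-supplied pipeline steps get whatever the cluster defaults allow. Consider adding Pod Security Admission labels under `metadata.labels`, for example `pod-security.kubernetes.io/enforce: baseline`, if the cluster version supports them. A default-deny NetworkPolicy and a ResourceQuota for this namespace would fit in the same change or a follow-up, so that privileged or network-wide pipeline steps need an explicit exception rather than working by default.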
diff --git a/flux/cluster/core/namespaces/kustomization.yaml b/flux/cluster/core/namespaces/kustomization.yaml
index 08073de..0dfe9d5 100644
--- a/flux/cluster/core/namespaces/kustomization.yaml
+++ b/flux/cluster/core/namespaces/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
 - gitops.yaml
 - monitoring.yaml
 - olympus.yaml
+ - drone-build.yaml
diff --git a/nixos/hosts/database/configuration.nix b/nixos/hosts/database/configuration.nix
index 52f9f05..5e3f68f 100644
--- a/nixos/hosts/database/configuration.nix
+++ b/nixos/hosts/database/configuration.nix
@@ -4,8 +4,7 @@ { config, pkgs, ... }: let - databases = [ "authentik" "umami" ]; - + databases = [ "authentik" "umami" "drone" ]; in { imports = [ ];
diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix
index 75bb531..949c5b7 100644
--- a/nixos/hosts/nginx/configuration.nix
+++ b/nixos/hosts/nginx/configuration.nix
@@ -45,6 +45,7 @@ in # Kubernetes endpoints virtualHosts."0x76.dev" = k8s_proxy; + virtualHosts."drone.0x76.dev" = k8s_proxy; virtualHosts."id.0x76.dev" = k8s_proxy; virtualHosts."msg.0x76.dev" = k8s_proxy; virtualHosts."zookeeper.0x76.dev" = k8s_proxy;