infrastructure/k8s/roles/drone/tasks/main.yml

---
- name: Create Drone namespace
  kubernetes.core.k8s:
    name: drone
    api_version: v1
    kind: Namespace
    state: present
    definition:
      metadata:
        labels:
          prometheus: default

- name: Create additional namespaces
  kubernetes.core.k8s:
    name: "{{ item }}"
    api_version: v1
    kind: Namespace
    state: present
    definition:
      metadata:
        labels:
          prometheus: default
  loop: 
    - inetmock
    - blog
    - buildr

- name: Create Drone server secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-secrets
        namespace: drone
      data:
        DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"
        DRONE_GITEA_CLIENT_ID: "{{ drone.auth.clientId | b64encode }}"
        DRONE_GITEA_CLIENT_SECRET: "{{ drone.auth.clientSecret | b64encode }}"
        DRONE_GITEA_SERVER: "{{ 'https://code.icb4dc0.de' | b64encode }}"
        DRONE_DATABASE_DATASOURCE: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/drone?sslmode=disable' | format(drone.db.user, drone.db.password) | b64encode }}"
        DRONE_DATABASE_SECRET: "{{ drone.db.secret | b64encode }}"
        DRONE_COOKIE_SECRET: "{{ drone.cookie.secret | b64encode }}"
        AWS_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
        AWS_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"

- name: Create Drone runner secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-runner-secrets
        namespace: drone
      data:
        DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"

- name: Create Drone service account
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: drone-deploy
        namespace: drone

- name: Create Drone deploy secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-deploy
        namespace: drone
        annotations:
          kubernetes.io/service-account.name: drone-deploy
      type: kubernetes.io/service-account-token

- name: Create Drone service account
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: drone-deploy
      rules:
      - apiGroups: [""]
        resources:
        - secrets
        - configmaps
        - pods
        - services
        - persistentvolumeclaims
        - serviceaccounts
        verbs: ["*"]
      - apiGroups: ["apps"]
        resources:
        - replicasets
        - deployments
        - statefulsets
        verbs: ["*"]
      - apiGroups: ["batch"]
        resources:
        - jobs
        - cronjobs
        verbs: ["*"]
      - apiGroups: ["autoscaling"]
        resources:
        - horizontalpodautoscalers
        verbs: ["*"]
      - apiGroups: ["networking.k8s.io"]
        resources:
        - ingresses
        verbs: ["*"]
      - apiGroups: ["rbac.authorization.k8s.io"]
        resources:
        - roles
        - rolebindings
        verbs: ["*"]


- name: Create Drone service account
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: drone-deploy-{{ item }}
        namespace: "{{ item }}"
      subjects:
      - kind: ServiceAccount
        name: drone-deploy
        namespace: drone
      roleRef:
        kind: ClusterRole
        name: drone-deploy
        apiGroup: rbac.authorization.k8s.io
  loop:
    - blog
    - inetmock
    - buildr

- name: Add Drone chart repo
  kubernetes.core.helm_repository:
    name: drone
    repo_url: https://charts.drone.io

- name: Add enapter chart repo
  kubernetes.core.helm_repository:
    name: enapter
    repo_url: https://enapter.github.io/charts/

- name: Deploy KeyDB
  kubernetes.core.helm:
    name: drone-session-cache
    chart_ref: enapter/keydb
    release_namespace: drone
    chart_version: 0.48.0
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.keydb.yml.j2') | from_yaml }}"

- name: Deploy Drone chart
  kubernetes.core.helm:
    name: drone
    chart_ref: drone/drone
    release_namespace: drone
    chart_version: 0.6.3
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.drone.yml.j2') | from_yaml }}"

- name: Deploy Drone runner chart
  kubernetes.core.helm:
    name: drone-kube-runner
    chart_ref: drone/drone-runner-docker
    release_namespace: drone
    chart_version: 0.6.0
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.drone-runner-docker.yml.j2') | from_yaml }}"
feat: replace concourse with drone 2023-02-22 21:24:44 +00:00			`---`
			`- name: Create Drone namespace`
			`kubernetes.core.k8s:`
			`name: drone`
			`api_version: v1`
			`kind: Namespace`
			`state: present`
			`definition:`
			`metadata:`
			`labels:`
			`prometheus: default`

feat(drone): configure service account for K8s deployments 2023-04-18 07:19:03 +00:00			`- name: Create additional namespaces`
			`kubernetes.core.k8s:`
			`name: "{{ item }}"`
			`api_version: v1`
			`kind: Namespace`
			`state: present`
			`definition:`
			`metadata:`
			`labels:`
			`prometheus: default`
			`loop:`
			`- inetmock`
			`- blog`
			`- buildr`

feat: replace concourse with drone 2023-02-22 21:24:44 +00:00			`- name: Create Drone server secret`
			`kubernetes.core.k8s:`
			`state: present`
			`definition:`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: drone-secrets`
			`namespace: drone`
			`data:`
			`DRONE_RPC_SECRET: "{{ drone.rpc.secret \| b64encode }}"`
			`DRONE_GITEA_CLIENT_ID: "{{ drone.auth.clientId \| b64encode }}"`
			`DRONE_GITEA_CLIENT_SECRET: "{{ drone.auth.clientSecret \| b64encode }}"`
			`DRONE_GITEA_SERVER: "{{ 'https://code.icb4dc0.de' \| b64encode }}"`
			`DRONE_DATABASE_DATASOURCE: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/drone?sslmode=disable' \| format(drone.db.user, drone.db.password) \| b64encode }}"`
			`DRONE_DATABASE_SECRET: "{{ drone.db.secret \| b64encode }}"`
			`DRONE_COOKIE_SECRET: "{{ drone.cookie.secret \| b64encode }}"`
			`AWS_ACCESS_KEY_ID: "{{ minio.rootUser \| b64encode }}"`
			`AWS_SECRET_ACCESS_KEY: "{{ minio.rootPassword \| b64encode }}"`

			`- name: Create Drone runner secret`
			`kubernetes.core.k8s:`
			`state: present`
			`definition:`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: drone-runner-secrets`
			`namespace: drone`
			`data:`
			`DRONE_RPC_SECRET: "{{ drone.rpc.secret \| b64encode }}"`

feat(drone): configure service account for K8s deployments 2023-04-18 07:19:03 +00:00			`- name: Create Drone service account`
			`kubernetes.core.k8s:`
			`state: present`
			`definition:`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: drone-deploy`
			`namespace: drone`

			`- name: Create Drone deploy secret`
			`kubernetes.core.k8s:`
			`state: present`
			`definition:`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: drone-deploy`
			`namespace: drone`
			`annotations:`
			`kubernetes.io/service-account.name: drone-deploy`
			`type: kubernetes.io/service-account-token`

			`- name: Create Drone service account`
			`kubernetes.core.k8s:`
			`state: present`
			`definition:`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: drone-deploy`
			`rules:`
			`- apiGroups: [""]`
			`resources:`
			`- secrets`
			`- configmaps`
			`- pods`
			`- services`
			`- persistentvolumeclaims`
			`- serviceaccounts`
			`verbs: ["*"]`
			`- apiGroups: ["apps"]`
			`resources:`
			`- replicasets`
			`- deployments`
			`- statefulsets`
			`verbs: ["*"]`
			`- apiGroups: ["batch"]`
			`resources:`
			`- jobs`
			`- cronjobs`
			`verbs: ["*"]`
			`- apiGroups: ["autoscaling"]`
			`resources:`
			`- horizontalpodautoscalers`
			`verbs: ["*"]`
			`- apiGroups: ["networking.k8s.io"]`
			`resources:`
			`- ingresses`
			`verbs: ["*"]`
			`- apiGroups: ["rbac.authorization.k8s.io"]`
			`resources:`
			`- roles`
			`- rolebindings`
			`verbs: ["*"]`


			`- name: Create Drone service account`
			`kubernetes.core.k8s:`
			`state: present`
			`definition:`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: drone-deploy-{{ item }}`
			`namespace: "{{ item }}"`
			`subjects:`
			`- kind: ServiceAccount`
			`name: drone-deploy`
			`namespace: drone`
			`roleRef:`
			`kind: ClusterRole`
			`name: drone-deploy`
			`apiGroup: rbac.authorization.k8s.io`
			`loop:`
			`- blog`
			`- inetmock`
			`- buildr`

feat: replace concourse with drone 2023-02-22 21:24:44 +00:00			`- name: Add Drone chart repo`
			`kubernetes.core.helm_repository:`
			`name: drone`
			`repo_url: https://charts.drone.io`

			`- name: Add enapter chart repo`
			`kubernetes.core.helm_repository:`
			`name: enapter`
			`repo_url: https://enapter.github.io/charts/`

			`- name: Deploy KeyDB`
			`kubernetes.core.helm:`
			`name: drone-session-cache`
			`chart_ref: enapter/keydb`
			`release_namespace: drone`
chore: upgrade Gitea 2023-04-04 16:18:49 +00:00			`chart_version: 0.48.0`
feat: replace concourse with drone 2023-02-22 21:24:44 +00:00			`update_repo_cache: true`
			`release_values: "{{ lookup('template', 'values.keydb.yml.j2') \| from_yaml }}"`

			`- name: Deploy Drone chart`
			`kubernetes.core.helm:`
			`name: drone`
			`chart_ref: drone/drone`
			`release_namespace: drone`
			`chart_version: 0.6.3`
			`update_repo_cache: true`
			`release_values: "{{ lookup('template', 'values.drone.yml.j2') \| from_yaml }}"`

			`- name: Deploy Drone runner chart`
			`kubernetes.core.helm:`
			`name: drone-kube-runner`
			`chart_ref: drone/drone-runner-docker`
			`release_namespace: drone`
			`chart_version: 0.6.0`
			`update_repo_cache: true`
			`release_values: "{{ lookup('template', 'values.drone-runner-docker.yml.j2') \| from_yaml }}"`