feat: replace concourse with drone
This commit is contained in:
parent
a5e1fd6eb0
commit
ae55b8ae64
16 changed files with 828 additions and 1036 deletions
|
@ -1,31 +0,0 @@
|
||||||
resource "hcloud_server" "concourse_nodes" {
|
|
||||||
for_each = var.ci_workers
|
|
||||||
|
|
||||||
name = each.key
|
|
||||||
server_type = each.value.server_type
|
|
||||||
datacenter = "hel1-dc2"
|
|
||||||
image = "ubuntu-22.04"
|
|
||||||
|
|
||||||
backups = false
|
|
||||||
|
|
||||||
ssh_keys = [
|
|
||||||
hcloud_ssh_key.default.id
|
|
||||||
]
|
|
||||||
|
|
||||||
labels = {
|
|
||||||
"node_type" = each.value.node_type
|
|
||||||
}
|
|
||||||
|
|
||||||
public_net {
|
|
||||||
ipv4_enabled = true
|
|
||||||
ipv6_enabled = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "hcloud_server_network" "concourse_internal" {
|
|
||||||
for_each = var.ci_workers
|
|
||||||
|
|
||||||
server_id = hcloud_server.concourse_nodes[each.key].id
|
|
||||||
network_id = hcloud_network.k8s_net.id
|
|
||||||
ip = each.value.private_ip
|
|
||||||
}
|
|
|
@ -24,14 +24,6 @@ variable "k3os_workers" {
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "ci_workers" {
|
|
||||||
type = map(object({
|
|
||||||
node_type = string
|
|
||||||
server_type = string
|
|
||||||
private_ip = string
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "ssh_keys" {
|
variable "ssh_keys" {
|
||||||
type = list(string)
|
type = list(string)
|
||||||
default = []
|
default = []
|
||||||
|
|
|
@ -2,14 +2,14 @@ k3os_workers = {
|
||||||
"worker1-gen2" = {
|
"worker1-gen2" = {
|
||||||
backups = false
|
backups = false
|
||||||
node_type = "worker"
|
node_type = "worker"
|
||||||
server_type = "cpx21"
|
server_type = "cx31"
|
||||||
private_ip = "172.23.2.22"
|
private_ip = "172.23.2.22"
|
||||||
}
|
}
|
||||||
|
|
||||||
"worker2-gen2" = {
|
"worker2-gen2" = {
|
||||||
backups = false
|
backups = false
|
||||||
node_type = "worker"
|
node_type = "worker"
|
||||||
server_type = "cpx21"
|
server_type = "cx31"
|
||||||
private_ip = "172.23.2.23"
|
private_ip = "172.23.2.23"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -23,14 +23,6 @@ vms = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ci_workers = {
|
|
||||||
"concourse-worker-vm-1" = {
|
|
||||||
node_type = "concourse_worker"
|
|
||||||
server_type = "cpx21"
|
|
||||||
private_ip = "172.23.2.31"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"]
|
ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"]
|
||||||
|
|
||||||
release_channel = "stable"
|
release_channel = "stable"
|
|
@ -7,4 +7,4 @@
|
||||||
- role: hcloud
|
- role: hcloud
|
||||||
- role: minio
|
- role: minio
|
||||||
- role: gitea
|
- role: gitea
|
||||||
- role: concourse
|
- role: drone
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,68 +0,0 @@
|
||||||
---
|
|
||||||
- name: Download concourse
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: https://github.com/concourse/concourse/releases/download/v{{ concourse_version }}/concourse-{{ concourse_version }}-linux-amd64.tgz
|
|
||||||
dest: /tmp/concourse.tgz
|
|
||||||
mode: '0640'
|
|
||||||
checksum: sha1:https://github.com/concourse/concourse/releases/download/v{{ concourse_version }}/concourse-{{ concourse_version }}-linux-amd64.tgz.sha1
|
|
||||||
register: download_concourse
|
|
||||||
|
|
||||||
- name: Extract concourse
|
|
||||||
ansible.builtin.unarchive:
|
|
||||||
src: /tmp/concourse.tgz
|
|
||||||
dest: /opt/
|
|
||||||
remote_src: true
|
|
||||||
when: download_concourse.changed
|
|
||||||
|
|
||||||
- name: Create concourse user
|
|
||||||
ansible.builtin.user:
|
|
||||||
name: concourse
|
|
||||||
home: /var/lib/concourse
|
|
||||||
shell: /bin/false
|
|
||||||
groups: users,docker
|
|
||||||
|
|
||||||
- name: Create /etc/concourse
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/concourse
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Create /etc/concourse
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /var/lib/concourse/.ssh
|
|
||||||
state: directory
|
|
||||||
owner: concourse
|
|
||||||
|
|
||||||
- name: Deploy concourse keys
|
|
||||||
ansible.builtin.copy:
|
|
||||||
content: "{{ item.content }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: '0440'
|
|
||||||
loop:
|
|
||||||
- content: "{{ concourse.worker.workerKey }}"
|
|
||||||
dest: /var/lib/concourse/.ssh/id_rsa
|
|
||||||
- content: "{{ concourse.worker.workerKeyPub }}"
|
|
||||||
dest: /var/lib/concourse/.ssh/id_rsa.pub
|
|
||||||
- content: "{{ concourse.worker.hostKeyPub }}"
|
|
||||||
dest: /var/lib/concourse/.ssh/web_key.pub
|
|
||||||
|
|
||||||
- name: Create concourse config
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: concourse-cfg.j2
|
|
||||||
dest: /etc/concourse/worker
|
|
||||||
mode: '0640'
|
|
||||||
register: create_concourse_config
|
|
||||||
|
|
||||||
- name: Create concourse service file
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: concourse-worker.service.j2
|
|
||||||
dest: /lib/systemd/system/concourse-worker.service
|
|
||||||
mode: '0640'
|
|
||||||
register: create_concourse_service
|
|
||||||
|
|
||||||
- name: Make sure a service unit is running
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
name: concourse-worker
|
|
||||||
state: restarted
|
|
||||||
daemon_reload: true
|
|
||||||
enabled: true
|
|
||||||
when: create_concourse_service.changed or create_concourse_config.changed
|
|
|
@ -1,8 +0,0 @@
|
||||||
CONCOURSE_WORK_DIR=/var/lib/concourse
|
|
||||||
CONCOURSE_TSA_HOST=172.23.2.10:32222
|
|
||||||
CONCOURSE_CONTAINERD_DNS_SERVER="1.1.1.1"
|
|
||||||
CONCOURSE_CONTAINERD_ALLOW_HOST_ACCESS="true"
|
|
||||||
CONCOURSE_TSA_PUBLIC_KEY=/var/lib/concourse/.ssh/web_key.pub
|
|
||||||
CONCOURSE_TSA_WORKER_PRIVATE_KEY=/var/lib/concourse/.ssh/id_rsa
|
|
||||||
CONCOURSE_RUNTIME=containerd
|
|
||||||
CONCOURSE_TAG="linux,vm,ubuntu"
|
|
|
@ -1,11 +0,0 @@
|
||||||
[Unit]
|
|
||||||
Description=Concourse worker
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
EnvironmentFile=/etc/concourse/worker
|
|
||||||
ExecStart=/opt/concourse/bin/concourse worker
|
|
||||||
KillSignal=SIGUSR1
|
|
||||||
TimeoutStopSec=300
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
|
@ -1,107 +0,0 @@
|
||||||
---
|
|
||||||
- name: Create Concourse namespace
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
name: concourse
|
|
||||||
api_version: v1
|
|
||||||
kind: Namespace
|
|
||||||
state: present
|
|
||||||
definition:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
||||||
|
|
||||||
- name: Add Concourse chart repo
|
|
||||||
kubernetes.core.helm_repository:
|
|
||||||
name: concourse
|
|
||||||
repo_url: https://concourse-charts.storage.googleapis.com/
|
|
||||||
|
|
||||||
- name: Create Concourse worker secret
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
state: present
|
|
||||||
definition:
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: concourse-worker
|
|
||||||
namespace: concourse
|
|
||||||
data:
|
|
||||||
host-key-pub: "{{ concourse.worker.hostKeyPub | b64encode}}"
|
|
||||||
worker-key: "{{ concourse.worker.workerKey | b64encode}}"
|
|
||||||
worker-key-pub: "{{ concourse.worker.workerKeyPub | b64encode}}"
|
|
||||||
|
|
||||||
- name: Create Concourse web secret
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
state: present
|
|
||||||
definition:
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: concourse-web
|
|
||||||
namespace: concourse
|
|
||||||
data:
|
|
||||||
worker-key-pub: "{{ concourse.worker.workerKeyPub | b64encode}}"
|
|
||||||
host-key: "{{ concourse.web.hostKey | b64encode}}"
|
|
||||||
session-signing-key: "{{ concourse.web.sessionSigningKey | b64encode}}"
|
|
||||||
postgresql-user: "{{ concourse.db.user | b64encode}}"
|
|
||||||
postgresql-password: "{{ concourse.db.password | b64encode}}"
|
|
||||||
encryption-key: "{{ concourse.encryptionKey | b64encode}}"
|
|
||||||
oidc-client-id: "{{ concourse.auth.clientId | b64encode }}"
|
|
||||||
oidc-client-secret: "{{ concourse.auth.clientSecret | b64encode }}"
|
|
||||||
local-users: "{{ ('concourse:%s' % concourse.local.password) | b64encode }}"
|
|
||||||
|
|
||||||
- name: Deploy Concourse chart
|
|
||||||
kubernetes.core.helm:
|
|
||||||
name: concourse
|
|
||||||
chart_ref: concourse/concourse
|
|
||||||
release_namespace: concourse
|
|
||||||
chart_version: 17.1.1
|
|
||||||
update_repo_cache: true
|
|
||||||
release_values: "{{ lookup('template', 'values.concourse.yml.j2') | from_yaml }}"
|
|
||||||
|
|
||||||
- name: Create concourse RBAC resources
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
state: present
|
|
||||||
definition: "{{ lookup('template', 'rbac/deploy-role.yml.j2') | from_yaml }}"
|
|
||||||
|
|
||||||
- name: Bind service account for deployment
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
name: "{{ item }}"
|
|
||||||
namespace: "{{ item }}"
|
|
||||||
definition: "{{ lookup('template', 'rbac/deploy-rolebinding.yml.j2') | from_yaml }}"
|
|
||||||
state: present
|
|
||||||
loop:
|
|
||||||
- concourse-main
|
|
||||||
- concourse-inetmock
|
|
||||||
- blog
|
|
||||||
- inetmock
|
|
||||||
|
|
||||||
- name: Create Gitea team credentials
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
state: present
|
|
||||||
definition:
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: gitea-credentials
|
|
||||||
namespace: "concourse-{{ item }}"
|
|
||||||
data:
|
|
||||||
user: "{{ concourse.gitea.user | b64encode}}"
|
|
||||||
token: "{{ concourse.gitea.token | b64encode}}"
|
|
||||||
loop:
|
|
||||||
- main
|
|
||||||
- inetmock
|
|
||||||
|
|
||||||
- name: Create Github team credentials
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
state: present
|
|
||||||
definition:
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: github-credentials
|
|
||||||
namespace: "concourse-{{ item }}"
|
|
||||||
data:
|
|
||||||
token: "{{ github.token | b64encode}}"
|
|
||||||
loop:
|
|
||||||
- main
|
|
||||||
- inetmock
|
|
|
@ -1,41 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: concourse-deploy
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: concourse
|
|
||||||
app.kubernetes.io/part-of: concourse
|
|
||||||
app.kubernetes.io/component: worker
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- configmaps
|
|
||||||
- secrets
|
|
||||||
- services
|
|
||||||
verbs:
|
|
||||||
- "*"
|
|
||||||
|
|
||||||
- apiGroups:
|
|
||||||
- "apps"
|
|
||||||
resources:
|
|
||||||
- deployments
|
|
||||||
- statefulsets
|
|
||||||
verbs:
|
|
||||||
- "*"
|
|
||||||
|
|
||||||
- apiGroups:
|
|
||||||
- "networking.k8s.io"
|
|
||||||
resources:
|
|
||||||
- "ingresses"
|
|
||||||
verbs:
|
|
||||||
- "*"
|
|
||||||
|
|
||||||
- apiGroups:
|
|
||||||
- "monitoring.coreos.com"
|
|
||||||
resources:
|
|
||||||
- "podmonitors"
|
|
||||||
- "servicemonitors"
|
|
||||||
verbs:
|
|
||||||
- "*"
|
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ item }}
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: concourse-deploy
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: concourse-worker
|
|
||||||
namespace: concourse
|
|
|
@ -1,66 +0,0 @@
|
||||||
web:
|
|
||||||
enabled: true
|
|
||||||
env:
|
|
||||||
- name: CONCOURSE_ENABLE_ACROSS_STEP
|
|
||||||
value: "true"
|
|
||||||
- name: CONCOURSE_ENABLE_PIPELINE_INSTANCES
|
|
||||||
value: "true"
|
|
||||||
service:
|
|
||||||
workerGateway:
|
|
||||||
type: NodePort
|
|
||||||
NodePort: 32222
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
hosts:
|
|
||||||
- concourse.icb4dc0.de
|
|
||||||
|
|
||||||
worker:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
concourse:
|
|
||||||
web:
|
|
||||||
externalUrl: https://concourse.icb4dc0.de
|
|
||||||
containerPlacementStrategies:
|
|
||||||
- limit-active-tasks
|
|
||||||
- fewest-build-containers
|
|
||||||
limitActiveTasks: 2
|
|
||||||
auth:
|
|
||||||
mainTeam:
|
|
||||||
oidc:
|
|
||||||
user: prskr
|
|
||||||
oidc:
|
|
||||||
enabled: true
|
|
||||||
displayName: Gitea
|
|
||||||
issuer: https://code.icb4dc0.de/
|
|
||||||
scope: ""
|
|
||||||
userNameKey: preferred_username
|
|
||||||
disableGroups: true
|
|
||||||
skipEmailVerifiedValidation: true
|
|
||||||
postgres:
|
|
||||||
host: postgres-15-postgresql.postgres.svc.cluster.local
|
|
||||||
port: "5432"
|
|
||||||
database: concourse
|
|
||||||
kubernetes:
|
|
||||||
teams:
|
|
||||||
- main
|
|
||||||
- inetmock
|
|
||||||
gc:
|
|
||||||
failedGracePeriod: 30s
|
|
||||||
worker:
|
|
||||||
runtime: containerd
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
enabled: true
|
|
||||||
worker:
|
|
||||||
storageClass: hcloud-volumes
|
|
||||||
size: "15Gi"
|
|
||||||
|
|
||||||
postgresql:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
rbac:
|
|
||||||
apiVersion: v1
|
|
||||||
create: true
|
|
||||||
|
|
||||||
secrets:
|
|
||||||
create: false
|
|
80
k8s/roles/drone/tasks/main.yml
Normal file
80
k8s/roles/drone/tasks/main.yml
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
---
|
||||||
|
- name: Create Drone namespace
|
||||||
|
kubernetes.core.k8s:
|
||||||
|
name: drone
|
||||||
|
api_version: v1
|
||||||
|
kind: Namespace
|
||||||
|
state: present
|
||||||
|
definition:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
prometheus: default
|
||||||
|
|
||||||
|
- name: Create Drone server secret
|
||||||
|
kubernetes.core.k8s:
|
||||||
|
state: present
|
||||||
|
definition:
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: drone-secrets
|
||||||
|
namespace: drone
|
||||||
|
data:
|
||||||
|
DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"
|
||||||
|
DRONE_GITEA_CLIENT_ID: "{{ drone.auth.clientId | b64encode }}"
|
||||||
|
DRONE_GITEA_CLIENT_SECRET: "{{ drone.auth.clientSecret | b64encode }}"
|
||||||
|
DRONE_GITEA_SERVER: "{{ 'https://code.icb4dc0.de' | b64encode }}"
|
||||||
|
DRONE_DATABASE_DATASOURCE: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/drone?sslmode=disable' | format(drone.db.user, drone.db.password) | b64encode }}"
|
||||||
|
DRONE_DATABASE_SECRET: "{{ drone.db.secret | b64encode }}"
|
||||||
|
DRONE_COOKIE_SECRET: "{{ drone.cookie.secret | b64encode }}"
|
||||||
|
AWS_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
|
||||||
|
AWS_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
|
||||||
|
|
||||||
|
- name: Create Drone runner secret
|
||||||
|
kubernetes.core.k8s:
|
||||||
|
state: present
|
||||||
|
definition:
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: drone-runner-secrets
|
||||||
|
namespace: drone
|
||||||
|
data:
|
||||||
|
DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"
|
||||||
|
|
||||||
|
- name: Add Drone chart repo
|
||||||
|
kubernetes.core.helm_repository:
|
||||||
|
name: drone
|
||||||
|
repo_url: https://charts.drone.io
|
||||||
|
|
||||||
|
- name: Add enapter chart repo
|
||||||
|
kubernetes.core.helm_repository:
|
||||||
|
name: enapter
|
||||||
|
repo_url: https://enapter.github.io/charts/
|
||||||
|
|
||||||
|
- name: Deploy KeyDB
|
||||||
|
kubernetes.core.helm:
|
||||||
|
name: drone-session-cache
|
||||||
|
chart_ref: enapter/keydb
|
||||||
|
release_namespace: drone
|
||||||
|
chart_version: 0.46.1
|
||||||
|
update_repo_cache: true
|
||||||
|
release_values: "{{ lookup('template', 'values.keydb.yml.j2') | from_yaml }}"
|
||||||
|
|
||||||
|
- name: Deploy Drone chart
|
||||||
|
kubernetes.core.helm:
|
||||||
|
name: drone
|
||||||
|
chart_ref: drone/drone
|
||||||
|
release_namespace: drone
|
||||||
|
chart_version: 0.6.3
|
||||||
|
update_repo_cache: true
|
||||||
|
release_values: "{{ lookup('template', 'values.drone.yml.j2') | from_yaml }}"
|
||||||
|
|
||||||
|
- name: Deploy Drone runner chart
|
||||||
|
kubernetes.core.helm:
|
||||||
|
name: drone-kube-runner
|
||||||
|
chart_ref: drone/drone-runner-docker
|
||||||
|
release_namespace: drone
|
||||||
|
chart_version: 0.6.0
|
||||||
|
update_repo_cache: true
|
||||||
|
release_values: "{{ lookup('template', 'values.drone-runner-docker.yml.j2') | from_yaml }}"
|
|
@ -0,0 +1,8 @@
|
||||||
|
extraSecretNamesForEnvFrom:
|
||||||
|
- drone-runner-secrets
|
||||||
|
|
||||||
|
env:
|
||||||
|
DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock
|
||||||
|
DRONE_RPC_HOST: drone.drone.svc.cluster.local:8080
|
||||||
|
DRONE_RPC_PROTO: http
|
||||||
|
DRONE_RUNNER_CAPACITY: 1
|
30
k8s/roles/drone/templates/values.drone.yml.j2
Normal file
30
k8s/roles/drone/templates/values.drone.yml.j2
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- host: drone.icb4dc0.de
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
|
||||||
|
persistentVolume:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
extraSecretNamesForEnvFrom:
|
||||||
|
- drone-secrets
|
||||||
|
|
||||||
|
env:
|
||||||
|
## REQUIRED: Set the user-visible Drone hostname, sans protocol.
|
||||||
|
## Ref: https://docs.drone.io/installation/reference/drone-server-host/
|
||||||
|
##
|
||||||
|
DRONE_SERVER_HOST: "drone.icb4dc0.de"
|
||||||
|
DRONE_SERVER_PROTO: https
|
||||||
|
|
||||||
|
DRONE_DATABASE_DRIVER: postgres
|
||||||
|
DRONE_GIT_ALWAYS_AUTH: true
|
||||||
|
|
||||||
|
DRONE_S3_ENDPOINT: http://minio.minio.svc.cluster.local:9000
|
||||||
|
DRONE_S3_BUCKET: drone
|
||||||
|
DRONE_S3_PATH_STYLE: true
|
||||||
|
AWS_DEFAULT_REGION: us-east-1
|
||||||
|
AWS_REGION: us-east-1
|
||||||
|
DRONE_REDIS_CONNECTION: redis://drone-session-cache-keydb:6379
|
18
k8s/roles/drone/templates/values.keydb.yml.j2
Normal file
18
k8s/roles/drone/templates/values.keydb.yml.j2
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
persistentVolume:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 60Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 128Mi
|
||||||
|
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
prometheus: default
|
||||||
|
|
||||||
|
exporter:
|
||||||
|
enabled: true
|
Loading…
Reference in a new issue