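---
# Provisions the Drone CI stack on Kubernetes:
#   1. namespaces (drone plus the deploy targets inetmock, blog, buildr)
#   2. Secrets for the Drone server and runner
#   3. the drone-deploy service account, its token Secret and its RBAC
#   4. Helm repositories and the KeyDB, Drone and Drone runner releases
#
# Variables read by these tasks: drone.rpc.secret, drone.auth.clientId,
# drone.auth.clientSecret, drone.db.user, drone.db.password, drone.db.secret,
# drone.cookie.secret, minio.rootUser, minio.rootPassword.

- name: Create Drone namespace
  kubernetes.core.k8s:
    name: drone
    api_version: v1
    kind: Namespace
    state: present
    definition:
      metadata:
        labels:
          prometheus: default

- name: Create additional namespaces
  kubernetes.core.k8s:
    name: "{{ item }}"
    api_version: v1
    kind: Namespace
    state: present
    definition:
      metadata:
        labels:
          prometheus: default
  loop:
    - inetmock
    - blog
    - buildr

- name: Create Drone server secret
  # The rendered definition and the module result both carry the secret
  # values (base64 is encoding, not protection), so keep them out of
  # Ansible output, callbacks and logs.
  no_log: true
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-secrets
        namespace: drone
      data:
        DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"
        DRONE_GITEA_CLIENT_ID: "{{ drone.auth.clientId | b64encode }}"
        DRONE_GITEA_CLIENT_SECRET: "{{ drone.auth.clientSecret | b64encode }}"
        DRONE_GITEA_SERVER: "{{ 'https://code.icb4dc0.de' | b64encode }}"
        # NOTE(review): sslmode=disable sends the database credentials and
        # all queries unencrypted across the cluster network. If the
        # Postgres service presents a certificate, prefer
        # sslmode=verify-full.
        # NOTE(review): user and password are interpolated verbatim; a value
        # containing URL-reserved characters (for example '@' or '/') would
        # need percent-encoding to keep the DSN well-formed.
        DRONE_DATABASE_DATASOURCE: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/drone?sslmode=disable' | format(drone.db.user, drone.db.password) | b64encode }}"
        DRONE_DATABASE_SECRET: "{{ drone.db.secret | b64encode }}"
        DRONE_COOKIE_SECRET: "{{ drone.cookie.secret | b64encode }}"
        # NOTE(review): these are the MinIO root credentials. A dedicated
        # access key scoped to the bucket(s) Drone uses would limit what a
        # leaked drone-secrets Secret exposes.
        AWS_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
        AWS_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"

- name: Create Drone runner secret
  # Same shared RPC secret as the server; suppress it from task output.
  no_log: true
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-runner-secrets
        namespace: drone
      data:
        DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"

- name: Create Drone service account
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: drone-deploy
        namespace: drone

- name: Create Drone deploy secret
  # Requests a token Secret for drone-deploy. A token of this Secret type
  # has no expiry, so read access to it equals the account's permissions.
  # The module result may include the populated token on later runs, hence
  # no_log.
  no_log: true
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-deploy
        namespace: drone
        annotations:
          kubernetes.io/service-account.name: drone-deploy
      type: kubernetes.io/service-account-token

# Permission set for deployments. In this file it is granted only through
# the namespaced RoleBindings in the next task, so it applies inside blog,
# inetmock and buildr and not cluster-wide.
# NOTE(review): every rule uses verbs ["*"]. On roles this includes
# `escalate` and `bind`, which lets drone-deploy grant itself any further
# permission inside those namespaces; together with full access to secrets,
# treat the account as namespace admin. Narrow the verbs and drop the RBAC
# rule if the pipelines do not manage roles.
- name: Create Drone deploy cluster role
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: drone-deploy
      rules:
        - apiGroups: [""]
          resources:
            - secrets
            - configmaps
            - pods
            - services
            - persistentvolumeclaims
            - serviceaccounts
          verbs: ["*"]
        - apiGroups: ["apps"]
          resources:
            - replicasets
            - deployments
            - statefulsets
          verbs: ["*"]
        - apiGroups: ["batch"]
          resources:
            - jobs
            - cronjobs
          verbs: ["*"]
        - apiGroups: ["autoscaling"]
          resources:
            - horizontalpodautoscalers
          verbs: ["*"]
        - apiGroups: ["networking.k8s.io"]
          resources:
            - ingresses
          verbs: ["*"]
        - apiGroups: ["rbac.authorization.k8s.io"]
          resources:
            - roles
            - rolebindings
          verbs: ["*"]

# One RoleBinding per target namespace, each binding the drone-deploy
# service account (namespace drone) to the drone-deploy ClusterRole.
- name: Create Drone deploy role bindings
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: "drone-deploy-{{ item }}"
        namespace: "{{ item }}"
      subjects:
        - kind: ServiceAccount
          name: drone-deploy
          namespace: drone
      roleRef:
        kind: ClusterRole
        name: drone-deploy
        apiGroup: rbac.authorization.k8s.io
  loop:
    - blog
    - inetmock
    - buildr

- name: Add Drone chart repo
  kubernetes.core.helm_repository:
    name: drone
    repo_url: https://charts.drone.io

- name: Add enapter chart repo
  kubernetes.core.helm_repository:
    name: enapter
    repo_url: https://enapter.github.io/charts/

# Chart versions are pinned and quoted so they always load as strings and
# upgrades stay an explicit change to this file.
- name: Deploy KeyDB
  kubernetes.core.helm:
    name: drone-session-cache
    chart_ref: enapter/keydb
    release_namespace: drone
    chart_version: "0.48.0"
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.keydb.yml.j2') | from_yaml }}"

- name: Deploy Drone chart
  kubernetes.core.helm:
    name: drone
    chart_ref: drone/drone
    release_namespace: drone
    chart_version: "0.6.3"
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.drone.yml.j2') | from_yaml }}"

- name: Deploy Drone runner chart
  kubernetes.core.helm:
    name: drone-kube-runner
    chart_ref: drone/drone-runner-docker
    release_namespace: drone
    chart_version: "0.6.0"
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.drone-runner-docker.yml.j2') | from_yaml }}"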