Peter Kurfer
831a85436f
---
# Ensure the `drone` namespace exists and carries the `prometheus: default`
# label. Presumably a monitoring namespace selector keys on that label;
# confirm against the Prometheus configuration.
- name: Create Drone namespace
  kubernetes.core.k8s:
    state: present
    api_version: v1
    kind: Namespace
    name: drone
    definition:
      metadata:
        labels:
          prometheus: default

# Create one namespace per loop item, each with the same `prometheus: default`
# label as the `drone` namespace. These are the same three namespaces the
# `drone-deploy` RoleBindings in this file target.
- name: Create additional namespaces
  kubernetes.core.k8s:
    state: present
    api_version: v1
    kind: Namespace
    name: "{{ item }}"
    definition:
      metadata:
        labels:
          prometheus: default
  loop:
    - inetmock
    - blog
    - buildr

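# Create the `drone-secrets` Secret in the `drone` namespace. Kubernetes
# expects every value under `data` to be base64-encoded, hence the
# `b64encode` filter on each entry.
- name: Create Drone server secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-secrets
        namespace: drone
      data:
        DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"
        DRONE_GITEA_CLIENT_ID: "{{ drone.auth.clientId | b64encode }}"
        DRONE_GITEA_CLIENT_SECRET: "{{ drone.auth.clientSecret | b64encode }}"
        DRONE_GITEA_SERVER: "{{ 'https://code.icb4dc0.de' | b64encode }}"
        # NOTE(review): `sslmode=disable` sends the database credentials and
        # all queries in clear text between Drone and PostgreSQL. Confirm
        # this is acceptable for in-cluster traffic or enable TLS.
        # NOTE(review): user and password are interpolated without URL
        # encoding; reserved characters such as `@`, `/` or `:` in either
        # value would change how the DSN is parsed. Consider `urlencode`
        # unless the stored values are already encoded.
        DRONE_DATABASE_DATASOURCE: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/drone?sslmode=disable' | format(drone.db.user, drone.db.password) | b64encode }}"
        DRONE_DATABASE_SECRET: "{{ drone.db.secret | b64encode }}"
        DRONE_COOKIE_SECRET: "{{ drone.cookie.secret | b64encode }}"
        # NOTE(review): these are the MinIO root credentials. A dedicated
        # access key scoped to the bucket(s) Drone needs would limit the
        # impact if this Secret is ever read by another workload.
        AWS_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
        AWS_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
  # The rendered definition contains credentials, and base64 is an encoding,
  # not encryption. Keep it out of task output, verbose logs and callbacks.
  no_log: true
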
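# Create the `drone-runner-secrets` Secret in the `drone` namespace. It holds
# the same `drone.rpc.secret` value that is stored in `drone-secrets`.
- name: Create Drone runner secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-runner-secrets
        namespace: drone
      data:
        DRONE_RPC_SECRET: "{{ drone.rpc.secret | b64encode }}"
  # The definition carries the shared RPC secret (base64 is only an
  # encoding); suppress it from task output and verbose logs.
  no_log: true
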
# Create the `drone-deploy` ServiceAccount in the `drone` namespace. The
# account has no rights of its own; in this file they come from the
# `drone-deploy` ClusterRole via per-namespace RoleBindings.
- name: Create Drone service account
  kubernetes.core.k8s:
    definition:
      kind: ServiceAccount
      apiVersion: v1
      metadata:
        namespace: drone
        name: drone-deploy
    state: present

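# Request a token Secret for the `drone-deploy` ServiceAccount. A Secret of
# type `kubernetes.io/service-account-token` with this annotation is filled
# in by the cluster with a token for the named account.
# NOTE(review): such a token does not expire on its own. Anyone who can read
# this Secret holds the account's rights until the Secret is deleted, so
# restrict read access to it and plan for rotation. Short-lived tokens from
# the TokenRequest API are the alternative where the consumer supports them.
- name: Create Drone deploy secret
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: drone-deploy
        namespace: drone
        annotations:
          kubernetes.io/service-account.name: drone-deploy
      type: kubernetes.io/service-account-token
  # On re-runs the module result is expected to include the Secret as stored
  # in the cluster, including the populated token. Keep it out of task
  # output and verbose logs.
  no_log: true
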
# Define the `drone-deploy` ClusterRole: every verb on the listed workload,
# configuration, networking, RBAC and monitoring resources. In this file the
# role is only referenced from namespaced RoleBindings, so the rights apply
# per bound namespace rather than cluster-wide.
# NOTE(review): `'*'` is broader than a deploy pipeline usually needs.
#   - On `secrets` it allows reading every Secret in a bound namespace.
#   - On `roles`/`rolebindings` it includes the `escalate` and `bind` verbs,
#     which let the holder grant itself further rights in that namespace.
#   Enumerating the verbs actually used (for example get, list, watch,
#   create, update, patch, delete) would narrow this; confirm what the
#   pipelines require before changing it.
- name: Create Drone deployment cluster role
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: drone-deploy
      rules:
        # Core API group.
        - apiGroups:
            - ''
          resources:
            - secrets
            - configmaps
            - pods
            - services
            - persistentvolumeclaims
            - serviceaccounts
          verbs:
            - '*'
        - apiGroups:
            - apps
          resources:
            - replicasets
            - deployments
            - statefulsets
          verbs:
            - '*'
        - apiGroups:
            - batch
          resources:
            - jobs
            - cronjobs
          verbs:
            - '*'
        - apiGroups:
            - autoscaling
          resources:
            - horizontalpodautoscalers
          verbs:
            - '*'
        - apiGroups:
            - networking.k8s.io
          resources:
            - ingresses
          verbs:
            - '*'
        # RBAC objects: see the review note above about `escalate`/`bind`.
        - apiGroups:
            - rbac.authorization.k8s.io
          resources:
            - roles
            - rolebindings
          verbs:
            - '*'
        - apiGroups:
            - monitoring.coreos.com
          resources:
            - podmonitors
            - servicemonitors
          verbs:
            - '*'

# Bind the `drone-deploy` ClusterRole to the `drone-deploy` ServiceAccount
# (namespace `drone`) once per target namespace. Because a RoleBinding is
# used rather than a ClusterRoleBinding, the role's rules take effect only
# inside the namespace named by `item`.
- name: Create Drone deploy role bindings
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: "drone-deploy-{{ item }}"
        namespace: "{{ item }}"
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: drone-deploy
      subjects:
        - kind: ServiceAccount
          name: drone-deploy
          namespace: drone
  # Every namespace added here receives the full rule set of the ClusterRole.
  loop:
    - blog
    - inetmock
    - buildr

# Register the Drone Helm chart repository under the alias `drone`. The
# `drone/...` chart references in later tasks resolve against this alias.
- name: Add Drone chart repo
  kubernetes.core.helm_repository:
    repo_url: https://charts.drone.io
    name: drone

# Register the enapter Helm chart repository under the alias `enapter`. The
# KeyDB release in this file pulls `enapter/keydb` from it.
- name: Add enapter chart repo
  kubernetes.core.helm_repository:
    repo_url: https://enapter.github.io/charts/
    name: enapter

# Install or upgrade the `drone-session-cache` release from `enapter/keydb`
# in the `drone` namespace. The chart version is pinned, so an upgrade only
# happens when this file changes. Values come from rendering
# `values.keydb.yml.j2` and parsing the result as YAML.
- name: Deploy KeyDB
  kubernetes.core.helm:
    name: drone-session-cache
    release_namespace: drone
    chart_ref: enapter/keydb
    chart_version: '0.48.0'
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.keydb.yml.j2') | from_yaml }}"

# Install or upgrade the `drone` release from `drone/drone` in the `drone`
# namespace at a pinned chart version. Values come from rendering
# `values.drone.yml.j2` and parsing the result as YAML.
- name: Deploy Drone chart
  kubernetes.core.helm:
    name: drone
    release_namespace: drone
    chart_ref: drone/drone
    chart_version: '0.6.3'
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.drone.yml.j2') | from_yaml }}"

# Install or upgrade the x86-64 runner release (`drone-kube-runner-x86-64`)
# from `drone/drone-runner-docker` at a pinned chart version.
# NOTE(review): this task has the same `name` as the arm64 runner task in
# this file, so name-based selection (`--start-at-task`, log searches)
# cannot tell them apart.
# NOTE(review): a Docker-based runner typically needs access to a Docker
# daemon. Check `values.drone-runner-docker.x86_64.yml.j2` for privileged
# containers or socket mounts and treat the runner pods accordingly.
- name: Deploy Drone runner chart
  kubernetes.core.helm:
    name: drone-kube-runner-x86-64
    release_namespace: drone
    chart_ref: drone/drone-runner-docker
    # Quoted for consistency with the other releases; the value is unchanged.
    chart_version: '0.6.0'
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.drone-runner-docker.x86_64.yml.j2') | from_yaml }}"

# Install or upgrade the arm64 runner release (`drone-kube-runner-arm64`)
# from `drone/drone-runner-docker` at a pinned chart version.
# NOTE(review): this task has the same `name` as the x86-64 runner task in
# this file, so name-based selection (`--start-at-task`, log searches)
# cannot tell them apart.
- name: Deploy Drone runner chart
  kubernetes.core.helm:
    name: drone-kube-runner-arm64
    release_namespace: drone
    chart_ref: drone/drone-runner-docker
    # Quoted for consistency with the other releases; the value is unchanged.
    chart_version: '0.6.0'
    update_repo_cache: true
    release_values: "{{ lookup('template', 'values.drone-runner-docker.arm64.yml.j2') | from_yaml }}"