Switch to latest Drone build

Looks like the resource limit support from drone-runtime wasn't in -rc5.

custom/options/label/Default

@@ -1,11 +0,0 @@
-#db231d bug ; Something is not working
-#76db1d enhancement ; Improving existing functionality
-#1d76db feature ; New functionality
-#db1d76 idea ; Something to consider
-#db1d76 question ; Looking for an answer
-#fbca04 security ; All your base are belong to us
-#1dd5db ui/ux ; User interface, process design, etc.
-#333333 dev environment ; Config, builds, CI, deployment, etc.
-#cccccc duplicate ; This issue or pull request already exists
-#cccccc invalid ; Not a bug
-#cccccc wontfix ; This won't be fixed

custom/options/label/Kosmos

@@ -1,14 +0,0 @@
-#db231d bug ; Something is not working
-#76db1d enhancement ; Improving existing functionality
-#1d76db feature ; New functionality
-#db1d76 idea ; Something to consider
-#db1d76 question ; Looking for an answer
-#fbca04 security ; All your base are belong to us
-#1dd5db ui/ux ; User interface, process design, etc.
-#333333 dev environment ; Config, builds, CI, deployment, etc.
-#008080 kredits-1 ; Small contribution
-#008080 kredits-2 ; Medium contribution
-#008080 kredits-3 ; Large contribution
-#cccccc duplicate ; This issue or pull request already exists
-#cccccc invalid ; Not a bug
-#cccccc wontfix ; This won't be fixed

doc/kubernetes.md

@@ -41,3 +41,31 @@ Kubernetes before uploading them again. This is done by this script:
 > @whitecolor, in your case you should be fine by clearing `PV.Spec.ClaimRef.UID` in the PV. Only the re-created PVC (with any UID) can then use the PV. And it's your responsibility that only the right person can craft appropriate PVC so nobody can steal your data.
 
 https://github.com/kubernetes/kubernetes/issues/48609#issuecomment-314066616
+
+## Update Gitea
+
+### Released version
+
+Change the image for the gitea-server container
+(`kubernetes/gitea-server.yaml`) to `gitea/gitea:TAG`, for example:
+`gitea/gitea:1.7.0-rc2`
+
+### Unreleased version
+
+This is useful to deploy features that are in master but not yet in a release.
+
+    $ docker pull gitea/gitea
+    $ docker tag gitea/gitea:latest kosmosorg/gitea:production
+    $ docker push kosmosorg/gitea
+
+Set the image for the gitea-server container to `kosmosorg/gitea:latest`, or run 
+this command to force a deployment if it is already set to it
+
+    $ kubectl patch deployment gitea-server -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}"
+
+### Build our own image
+
+At the root of the [https://github.com/go-gitea/gitea](gitea repo)
+
+    $ DOCKER_TAG=production DOCKER_IMAGE=kosmosorg/gitea make docker # builds and tags kosmosorg/gitea:production locally
+    $ docker push kosmosorg/gitea

kubernetes/drone-rbac.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: kosmos-drone-rbac
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: kosmos
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io

kubernetes/drone-server.yaml

@@ -0,0 +1,91 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: kosmos-drone-server
+  namespace: kosmos
+  labels:
+    app: kosmos-drone
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: kosmos-drone-server
+        app: kosmos-drone
+    spec:
+      containers:
+        - name: kosmos-drone-server
+          image: drone/drone:latest
+          imagePullPolicy: Always
+          env:
+            - name: DRONE_KUBERNETES_ENABLED
+              value: "true"
+            - name: DRONE_KUBERNETES_NAMESPACE
+              value: kosmos
+            - name: DRONE_GITEA_SERVER
+              value: https://gitea.kosmos.org
+            - name: DRONE_RPC_SECRET
+              value: 0500c55b6ae97a7f1e7c207477698b6d
+            - name: DRONE_SERVER_HOST
+              value: drone.kosmos.org
+            - name: DRONE_SERVER_PROTO
+              value: https
+            - name: DRONE_TLS_AUTOCERT
+              value: "true"
+            - name: DRONE_ADMIN
+              value: raucao,gregkare,galfert
+            - name: DRONE_LOGS_DEBUG
+              value: "true"
+          volumeMounts:
+            - mountPath: /var/lib/drone
+              name: kosmos-drone-data
+          ports:
+            - containerPort: 80
+            - containerPort: 443
+          resources:
+            requests:
+              cpu: 50m
+              memory: 50Mi
+            limits:
+              cpu: 100m
+              memory: 100Mi
+      volumes:
+        - name: kosmos-drone-data
+          persistentVolumeClaim:
+            claimName: kosmos-drone-data
+      restartPolicy: Always
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kosmos-drone-data
+  namespace: kosmos
+  labels:
+    app: kosmos-drone
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3000Mi
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kosmos-drone-server
+  namespace: kosmos
+  labels:
+    name: kosmos-drone-server
+    app: kosmos-drone
+spec:
+  type: LoadBalancer
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: 80
+    - name: "https"
+      port: 443
+      targetPort: 443
+  selector:
+    name: kosmos-drone-server

kubernetes/gitea-server.yaml

@@ -26,7 +26,7 @@ spec:
       # file exists in the conf/ directory of the data directory
       # (/data/gitea/conf in our case)
       - name: gitea-server
-        image: gitea/gitea:1.7
+        image: gitea/gitea:1.7.1
         ports:
         - containerPort: 3000
         - containerPort: 3001

kubernetes/kosmos-namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kosmos
+  labels:
+    app: kosmos