Switch to latest Drone build

Looks like the resource limit support from drone-runtime wasn't in -rc5.

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "vendor/ark"]
+	path = vendor/ark
+	url = git@github.com:heptio/ark.git

README.md

@@ -1,26 +1,9 @@
 # gitea.kosmos.org
 
 This repository contains configuration files and other assets, that are used to
-deploy and operate this Gitea instance. Feel free to [open
+deploy and operate this Gitea instance.
-issues](https://gitea.kosmos.org/kosmos/gitea.kosmos.org/issues) for questions,
-suggestions, bugs, to-do items, and whatever else you want to discuss or
-resolve.
 
-## Building & deploying
+Feel free to [open issues] for questions, suggestions, bugs, to-do items, and
+whatever else you want to discuss or resolve.
 
-To create a new image containing the customizations:
+[open issues]: https://gitea.kosmos.org/kosmos/gitea.kosmos.org/issues
-
-Edit `packer/custom.json` to increment the tag, then run this script (needs
-[Packer](https://www.packer.io/) in your path)
-
-
-    ./script/build_customizations_image
-
-
-Then edit `kubernetes/gitea-server.yaml` to use the new tag
-(`image: eu.gcr.io/fluted-magpie-218106/gitea_custom:$VERSION`) and apply the
-change:
-
-
-    cd kubernetes
-    kubectl apply -f gitea-server.yaml

custom/options/label/Default

@@ -1,11 +0,0 @@
-#db231d bug ; Something is not working
-#76db1d enhancement ; Improving existing functionality
-#1d76db feature ; New functionality
-#db1d76 idea ; Something to consider
-#db1d76 question ; Looking for an answer
-#fbca04 security ; All your base are belong to us
-#1dd5db ui/ux ; User interface, process design, etc.
-#333333 dev environment ; Config, builds, CI, deployment, etc.
-#cccccc duplicate ; This issue or pull request already exists
-#cccccc invalid ; Not a bug
-#cccccc wontfix ; This won't be fixed

custom/options/label/Kosmos

@@ -1,14 +0,0 @@
-#db231d bug ; Something is not working
-#76db1d enhancement ; Improving existing functionality
-#1d76db feature ; New functionality
-#db1d76 idea ; Something to consider
-#db1d76 question ; Looking for an answer
-#fbca04 security ; All your base are belong to us
-#1dd5db ui/ux ; User interface, process design, etc.
-#333333 dev environment ; Config, builds, CI, deployment, etc.
-#008080 kredits-1 ; Small contribution
-#008080 kredits-2 ; Medium contribution
-#008080 kredits-3 ; Large contribution
-#cccccc duplicate ; This issue or pull request already exists
-#cccccc invalid ; Not a bug
-#cccccc wontfix ; This won't be fixed

doc/backup-and-restore.md

@@ -1,28 +1,36 @@
 # Backups
 
-We're using [Velero][1] (formerly Ark) for backing up Kubernetes config and GKE
+We're using [Ark][1] for backing up Kubernetes config and GKE resources. It is
-resources. It is available as a compiled binary for your platform [on GitHub][2]
+available as a Git submodule in the `vendor/` folder (incl. the `ark`
+executable).
 
-The Velero service is running on the Sidamo cluster and was set up using the
+In order to initialize and update submodules in your local repo, run once:
-[official docs' GCP instructions][3]. There's a daily backup
+
+    git submodule update --init
+
+Then, to fetch/update the modules, run:
+
+    git submodule update
+
+The Ark service is running on the Sidamo cluster and was set up using the
+[official docs' GCP instructions and config files][4]. There's a daily backup
 schedule in effect for Gitea (using the label `app=gitea`).
 
-Please refer to Velero's [ Getting Started ][4] doc for all backup and restore
+Please refer to Ark's [ Getting Started ][5] doc for all backup and restore
 commands.
 
 ## Backup location
 
 Cluster configuration (including all live resources) is backed up to [a Google
-Cloud Storage container][5].
+Cloud Storage container][3].
 
 ## Persistent volumes
 
-Persistent volumes are just GCE disks. Thus, with the current config, Velero
+Persistent volumes are just GCE disks. Thus, with the current config, Ark
-creates volume snapshots as native [GCE disk snapshots][6].
+creates volume snapshots as native [GCE disk snapshots][2].
 
-[1]: https://velero.io/docs/v1.0.0
+[1]: https://heptio.github.io/ark/v0.10.0
-[2]: https://github.com/heptio/velero/releases/tag/v1.0.0
+[2]: https://console.cloud.google.com/compute/snapshots?organizationId=772167872692&project=fluted-magpie-218106&tab=snapshots&snapshotssize=50
-[3]: https://velero.io/docs/v1.0.0/gcp-config/
+[3]: https://console.cloud.google.com/storage/browser/sidamo-backups?project=fluted-magpie-218106&organizationId=772167872692
-[4]: https://velero.io/docs/v1.0.0/about/
+[4]: https://heptio.github.io/ark/v0.10.0/gcp-config
-[5]: https://console.cloud.google.com/storage/browser/sidamo-backups-new?project=fluted-magpie-218106&organizationId=772167872692
+[5]: https://heptio.github.io/ark/v0.10.0/get-started
-[6]: https://console.cloud.google.com/compute/snapshots?organizationId=772167872692&project=fluted-magpie-218106&tab=snapshots&snapshotssize=50

kubernetes/drone-rbac.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: kosmos-drone-rbac
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: kosmos
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io

kubernetes/drone-server.yaml

@@ -0,0 +1,91 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: kosmos-drone-server
+  namespace: kosmos
+  labels:
+    app: kosmos-drone
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: kosmos-drone-server
+        app: kosmos-drone
+    spec:
+      containers:
+        - name: kosmos-drone-server
+          image: drone/drone:latest
+          imagePullPolicy: Always
+          env:
+            - name: DRONE_KUBERNETES_ENABLED
+              value: "true"
+            - name: DRONE_KUBERNETES_NAMESPACE
+              value: kosmos
+            - name: DRONE_GITEA_SERVER
+              value: https://gitea.kosmos.org
+            - name: DRONE_RPC_SECRET
+              value: 0500c55b6ae97a7f1e7c207477698b6d
+            - name: DRONE_SERVER_HOST
+              value: drone.kosmos.org
+            - name: DRONE_SERVER_PROTO
+              value: https
+            - name: DRONE_TLS_AUTOCERT
+              value: "true"
+            - name: DRONE_ADMIN
+              value: raucao,gregkare,galfert
+            - name: DRONE_LOGS_DEBUG
+              value: "true"
+          volumeMounts:
+            - mountPath: /var/lib/drone
+              name: kosmos-drone-data
+          ports:
+            - containerPort: 80
+            - containerPort: 443
+          resources:
+            requests:
+              cpu: 50m
+              memory: 50Mi
+            limits:
+              cpu: 100m
+              memory: 100Mi
+      volumes:
+        - name: kosmos-drone-data
+          persistentVolumeClaim:
+            claimName: kosmos-drone-data
+      restartPolicy: Always
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kosmos-drone-data
+  namespace: kosmos
+  labels:
+    app: kosmos-drone
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3000Mi
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kosmos-drone-server
+  namespace: kosmos
+  labels:
+    name: kosmos-drone-server
+    app: kosmos-drone
+spec:
+  type: LoadBalancer
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: 80
+    - name: "https"
+      port: 443
+      targetPort: 443
+  selector:
+    name: kosmos-drone-server

kubernetes/gitea-db.yaml

@@ -32,19 +32,13 @@ spec:
           value: gitea
         image: mariadb:10.3.10
         name: gitea-db
+        resources: {}
         ports:
           - containerPort: 3306
             name: mysql
         volumeMounts:
         - mountPath: /var/lib/mysql
           name: gitea-db-data
-        resources:
-          requests:
-            cpu: 250m
-            memory: 150Mi
-          limits:
-            cpu: 500m
-            memory: 300Mi
       restartPolicy: Always
       volumes:
       - name: gitea-db-data

kubernetes/gitea-server.yaml

@@ -1,4 +1,4 @@
-apiVersion: apps/v1
+apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: gitea-server
@@ -6,9 +6,6 @@ metadata:
     app: gitea
 spec:
   replicas: 1
-  selector:
-    matchLabels:
-      app: gitea
   template:
     metadata:
       labels:
@@ -17,22 +14,19 @@ spec:
     spec:
       initContainers:
         - name: init-config
-          # This is a busybox image with our gitea customizations saved to
+          image: busybox
-          # /custom, built using ./script/build_customizations_image from the
+          command: ['sh', '-c', 'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && chown -R 1000:1000 /data/gitea']
-          # root of the repo
-          image: eu.gcr.io/fluted-magpie-218106/gitea_custom:0.1
-          command: [
-            'sh', '-c',
-            'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && cp -R /custom/* /data/gitea && chown -R 1000:1000 /data/gitea'
-          ]
           volumeMounts:
           - mountPath: /data
             name: gitea-server-data
           - mountPath: /root/conf
             name: config
       containers:
+      # This is only used for the initial setup, it does nothing once a app.ini
+      # file exists in the conf/ directory of the data directory
+      # (/data/gitea/conf in our case)
       - name: gitea-server
-        image: gitea/gitea:1.9.0
+        image: gitea/gitea:1.7.1
         ports:
         - containerPort: 3000
         - containerPort: 3001
@@ -40,13 +34,6 @@ spec:
         volumeMounts:
         - mountPath: /data
           name: gitea-server-data
-        resources:
-          requests:
-            cpu: 250m
-            memory: 256Mi
-          limits:
-            cpu: 500m
-            memory: 512Mi
       restartPolicy: Always
       volumes:
       - name: gitea-server-data
@@ -77,7 +64,7 @@ spec:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 20Gi
+      storage: 1Gi
 ---
 apiVersion: v1
 kind: Service

kubernetes/kosmos-namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kosmos
+  labels:
+    app: kosmos

packer/custom.json

@@ -1,29 +0,0 @@
-{
-  "builders": [{
-    "type": "docker",
-    "image": "busybox",
-    "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/sh"],
-    "commit": true
-  }],
-  "provisioners": [
-    {
-      "inline": ["mkdir /custom"],
-      "type": "shell"
-    },
-    {
-      "type": "file",
-      "source": "../custom/",
-      "destination": "/custom"
-    }
-  ],
-  "post-processors": [
-    [
-      {
-        "type": "docker-tag",
-        "repository": "eu.gcr.io/fluted-magpie-218106/gitea_custom",
-        "tag": "0.1"
-      },
-      "docker-push"
-    ]
-  ]
-}

script/build_customizations_image

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-# fail fast
-set -e
-
-cd packer/
-packer build custom.json
-cd -