From 30c3f47afd5b5357f6ceac3d9e0e52f7f8785da0 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 3 Mar 2019 11:27:22 +0700 Subject: [PATCH 1/4] Initial Drone CI configs --- kubernetes/drone-rbac.yaml | 12 +++++ kubernetes/drone-server.yaml | 84 ++++++++++++++++++++++++++++++++ kubernetes/kosmos-namespace.yaml | 6 +++ 3 files changed, 102 insertions(+) create mode 100644 kubernetes/drone-rbac.yaml create mode 100644 kubernetes/drone-server.yaml create mode 100644 kubernetes/kosmos-namespace.yaml diff --git a/kubernetes/drone-rbac.yaml b/kubernetes/drone-rbac.yaml new file mode 100644 index 0000000..9185d36 --- /dev/null +++ b/kubernetes/drone-rbac.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: kosmos-drone-rbac +subjects: + - kind: ServiceAccount + name: kosmos-drone-server + namespace: kosmos +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/kubernetes/drone-server.yaml b/kubernetes/drone-server.yaml new file mode 100644 index 0000000..703a9d3 --- /dev/null +++ b/kubernetes/drone-server.yaml @@ -0,0 +1,84 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: kosmos-drone-server + namespace: kosmos + labels: + app: kosmos-drone +spec: + replicas: 1 + template: + metadata: + labels: + name: kosmos-drone-server + app: kosmos-drone + spec: + containers: + - name: kosmos-drone-server + image: drone/drone:1.0.0-rc.5 + imagePullPolicy: Always + env: + - name: DRONE_KUBERNETES_ENABLED + value: "true" + - name: DRONE_KUBERNETES_NAMESPACE + value: kosmos + - name: DRONE_GITEA_SERVER + value: https://gitea.kosmos.org + - name: DRONE_RPC_SECRET + value: 0500c55b6ae97a7f1e7c207477698b6d + - name: DRONE_SERVER_HOST + value: drone.kosmos.org + - name: DRONE_SERVER_PROTO + value: https + - name: DRONE_TLS_AUTOCERT + value: "true" + - name: DRONE_ADMIN + value: raucao,gregkare,galfert + - name: DRONE_LOGS_DEBUG + value: "true" + volumeMounts: + - mountPath: /var/lib/drone + name: kosmos-drone-data + ports: + - containerPort: 80 + - containerPort: 443 + volumes: + - name: kosmos-drone-data + persistentVolumeClaim: + claimName: kosmos-drone-data + restartPolicy: Always +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: kosmos-drone-data + namespace: kosmos + labels: + app: kosmos-drone +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3000Mi +status: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: kosmos-drone-server + namespace: kosmos + labels: + name: kosmos-drone-server + app: kosmos-drone +spec: + type: LoadBalancer + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + name: kosmos-drone-server diff --git a/kubernetes/kosmos-namespace.yaml b/kubernetes/kosmos-namespace.yaml new file mode 100644 index 0000000..b89f8e5 --- /dev/null +++ b/kubernetes/kosmos-namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kosmos + labels: + app: kosmos -- 2.25.1 From 08cd2ad2119aee22e88061e52081047064d857c1 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 3 Mar 2019 14:11:49 +0700 Subject: [PATCH 2/4] Fix rbac role Drone is using the "default" service account. --- kubernetes/drone-rbac.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/drone-rbac.yaml b/kubernetes/drone-rbac.yaml index 9185d36..0ff6ff1 100644 --- a/kubernetes/drone-rbac.yaml +++ b/kubernetes/drone-rbac.yaml @@ -4,7 +4,7 @@ metadata: name: kosmos-drone-rbac subjects: - kind: ServiceAccount - name: kosmos-drone-server + name: default namespace: kosmos roleRef: kind: ClusterRole -- 2.25.1 From 69f62182a1215152d86860c1cc402bd81c838685 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Mon, 4 Mar 2019 13:38:10 +0700 Subject: [PATCH 3/4] Add resource requests and limits for Drone --- kubernetes/drone-server.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kubernetes/drone-server.yaml b/kubernetes/drone-server.yaml index 703a9d3..d5cbb0a 100644 --- a/kubernetes/drone-server.yaml +++ b/kubernetes/drone-server.yaml @@ -42,6 +42,13 @@ spec: ports: - containerPort: 80 - containerPort: 443 + resources: + requests: + cpu: 50m + memory: 50Mi + limits: + cpu: 100m + memory: 100Mi volumes: - name: kosmos-drone-data persistentVolumeClaim: -- 2.25.1 From 122cb1232c384b8c6b569318434470aeabafd9f8 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Mon, 4 Mar 2019 15:41:11 +0700 Subject: [PATCH 4/4] Switch to latest Drone build Looks like the resource limit support from drone-runtime wasn't in -rc5. --- kubernetes/drone-server.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/drone-server.yaml b/kubernetes/drone-server.yaml index d5cbb0a..1d6be8c 100644 --- a/kubernetes/drone-server.yaml +++ b/kubernetes/drone-server.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: kosmos-drone-server - image: drone/drone:1.0.0-rc.5 + image: drone/drone:latest imagePullPolicy: Always env: - name: DRONE_KUBERNETES_ENABLED -- 2.25.1