adrien/ansible-role-k8s-ci
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

work in progress

Browse source
This commit is contained in:
Adrien Reslinger 2020-06-13 00:06:55 +02:00
commit 5f68c259f5
17 changed files with 994 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
files/NetworkPolicies/allow-from-namespace.yaml Normal file
View file

@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-namespaces
namespace: drone
spec:
podSelector: {}
ingress:
- from:
- podSelector: {}
- from:
- namespaceSelector:
matchLabels:
namespace: traefik
podSelector:
matchLabels:
app: traefik
policyTypes:
- Ingress

10
files/NetworkPolicies/default-deny-ingress.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-ingress
namespace: drone
spec:
podSelector: {}
policyTypes:
- Ingress

13
files/drone-runner/drone-runner-ConfigMap.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: drone-runner
namespace: drone
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/instance: drone
app.kubernetes.io/component: server
app.kubernetes.io/version: "1.6.5"
data:
DRONE_RPC_HOST: "drone.reslinger.net"
DRONE_RPC_PROTO: "https"

25
files/drone-runner/drone-runner-Role.yaml Normal file
View file

@ -0,0 +1,25 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: drone
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update

13
files/drone-runner/drone-runner-RoleBinding.yaml Normal file
View file

@ -0,0 +1,13 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone
namespace: default
subjects:
- kind: ServiceAccount
name: default
namespace: default
roleRef:
kind: Role
name: drone
apiGroup: rbac.authorization.k8s.io

27
files/drone-runner/drone-runner.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
namespace: drone
labels:
app.kubernetes.io/name: drone
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: drone
template:
metadata:
labels:
app.kubernetes.io/name: drone
spec:
containers:
- name: drone-runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
envFrom:
- configMapRef:
name: drone-runner
- secretRef:
name: drone-runner

81
files/drone_0.7.yml Normal file
View file

@ -0,0 +1,81 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: server
spec:
replicas: 1
template:
metadata:
labels:
name: server
spec:
containers:
- name: server
image: drone/drone:0.7
imagePullPolicy: Always
env:
- name: "DRONE_HOST"
value: CHANGE_ME
- name: "DRONE_OPEN"
value: CHANGE_ME
- name: "DRONE_GITHUB"
value: CHANGE_ME
- name: "DRONE_GITHUB_CLIENT"
value: CHANGE_ME
- name: "DRONE_GITHUB_SECRET"
value: CHANGE_ME
- name: "DRONE_SECRET"
value: CHANGE_ME
volumeMounts:
- mountPath: /var/lib/drone
name: drone-lib
volumes:
- name: drone-lib
hostPath:
path: /var/lib/drone
---
apiVersion: v1
kind: Service
metadata:
name: server
labels:
name: server
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 8000
selector:
name: server
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: agent
spec:
replicas: 1
template:
metadata:
labels:
name: agent
spec:
containers:
- name: agent
image: drone/drone:0.7
imagePullPolicy: Always
command:
- "/drone"
- "agent"
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-socket
env:
- name: "DRONE_SERVER"
value: ws://$(SERVER_SERVICE_HOST):$(SERVER_SERVICE_PORT)/ws/broker
- name: "DRONE_SECRET"
value: CHANGE_ME
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock