From f1e4652bba20f0e60e760f9318969eefada6d52a Mon Sep 17 00:00:00 2001
From: Adrien
Date: Sun, 14 Jun 2020 22:24:07 +0200
Subject: [PATCH] Update manifest
---
 .../drone-runner/drone-runner-ConfigMap.yaml | 15 +++--
 files/drone-runner/drone-runner-Role.yaml | 50 +++++++++-------
 .../drone-runner-RoleBinding.yaml | 20 +++++--
 files/drone-runner/drone-runner-Service.yaml | 24 ++++++++
 .../drone-runner-ServiceAccount.yaml | 10 +++-
 files/drone-runner/drone-runner.yaml | 59 +++++++++++++++----
 tasks/main.yml | 1 +
 7 files changed, 132 insertions(+), 47 deletions(-)
 create mode 100644 files/drone-runner/drone-runner-Service.yaml
diff --git a/files/drone-runner/drone-runner-ConfigMap.yaml b/files/drone-runner/drone-runner-ConfigMap.yaml
index 6020a6d..4177069 100644
--- a/files/drone-runner/drone-runner-ConfigMap.yaml
+++ b/files/drone-runner/drone-runner-ConfigMap.yaml
@@ -1,17 +1,20 @@
+# Source: drone-runner-kube/templates/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: drone-runner
+ name: drone-runner-kube
 namespace: drone
 labels:
- app.kubernetes.io/name: drone
+ helm.sh/chart: drone-runner-kube-0.1.2
+ app.kubernetes.io/name: drone-runner-kube
 app.kubernetes.io/instance: drone
- app.kubernetes.io/component: server
- app.kubernetes.io/version: "1.6.5"
+ app.kubernetes.io/component: drone-runner-kube
+ app.kubernetes.io/version: "1.0.0-beta.1"
+ app.kubernetes.io/managed-by: Helm
 data:
 DRONE_RPC_HOST: "drone.reslinger.net"
 DRONE_RPC_PROTO: "https"
 DRONE_UI_DISABLE: "true"
 DRONE_RUNNER_CAPACITY: "2"
- DRONE_NAMESPACE_DEFAULT: "drone"
- DRONE_SERVICE_ACCOUNT_DEFAULT: "drone-runner"
\ No newline at end of file
+ DRONE_NAMESPACE_DEFAULT: "drone-runner"
+# DRONE_SERVICE_ACCOUNT_DEFAULT: "drone-runner"
\ No newline at end of file
diff --git a/files/drone-runner/drone-runner-Role.yaml b/files/drone-runner/drone-runner-Role.yaml
index b88050b..c66f93b 100644
--- a/files/drone-runner/drone-runner-Role.yaml
+++ b/files/drone-runner/drone-runner-Role.yaml
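Review bot: In drone-runner-ConfigMap.yaml the last line under `data:` keeps `DRONE_SERVICE_ACCOUNT_DEFAULT` only as a commented-out entry, so the manifest no longer says which service account pipeline pods run as. With the variable unset they presumably fall back to the `default` ServiceAccount of the `drone-runner` namespace, which is worth confirming against the runner's documentation. I would replace the dead line with a comment that states the intent, for example `# Pipeline pods use the namespace's default ServiceAccount; it must not be bound to any Role.`, and end the file with a newline.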
@@ -1,25 +1,33 @@
+# Source: drone-runner-kube/templates/rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- namespace: drone
- name: drone-runner
+ name: drone-runner-kube
+ namespace: "drone-runner"
+ labels:
+ helm.sh/chart: drone-runner-kube-0.1.2
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
+ app.kubernetes.io/version: "1.0.0-beta.1"
+ app.kubernetes.io/managed-by: Helm
 rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - delete
-- apiGroups:
- - ""
- resources:
- - pods
- - pods/log
- verbs:
- - get
- - create
- - delete
- - list
- - watch
- - update
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - watch
+ - update
diff --git a/files/drone-runner/drone-runner-RoleBinding.yaml b/files/drone-runner/drone-runner-RoleBinding.yaml
index 08d275c..dac6e35 100644
--- a/files/drone-runner/drone-runner-RoleBinding.yaml
+++ b/files/drone-runner/drone-runner-RoleBinding.yaml
@@ -1,13 +1,21 @@
+# Source: drone-runner-kube/templates/rbac.yaml
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: drone-runner
- namespace: drone
+ name: drone-runner-kube
+ namespace: "drone-runner"
+ labels:
+ helm.sh/chart: drone-runner-kube-0.1.2
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
+ app.kubernetes.io/version: "1.0.0-beta.1"
+ app.kubernetes.io/managed-by: Helm
 subjects:
-- kind: ServiceAccount
- name: drone-runner
- namespace: drone
+ - kind: ServiceAccount
+ name: drone-runner-kube
+ namespace: drone
 roleRef:
 kind: Role
- name: drone-runner
+ name: drone-runner-kube
 apiGroup: rbac.authorization.k8s.io
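Review bot: drone-runner-Role.yaml now places the Role in namespace `"drone-runner"`, and the RoleBinding hunk below and `DRONE_NAMESPACE_DEFAULT` in the ConfigMap point at the same namespace, but none of the seven files in this patch defines it. Unless it is created in a part of tasks/main.yml outside this patch, applying the Role and RoleBinding fails and pipeline pods have nowhere to start. A Namespace manifest applied before these files would close the gap. A short comment above `rules:` such as `# secrets create/delete: the runner stores per-pipeline secrets and removes them after the build` would also record why a CI runner holds write access to Secrets; that wording is my reading of the rule and should be checked.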
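Review bot: In drone-runner-RoleBinding.yaml the subject's `namespace: drone` differs from the binding's own `namespace: "drone-runner"`, which reads like a leftover from the rename unless it is explained. It appears intentional, since the ServiceAccount and Deployment in this patch stay in `drone` while the Role lives in `drone-runner`. A comment above `subjects:` would make that explicit: `# Runner ServiceAccount lives in "drone"; it is granted rights only in "drone-runner", where pipeline pods are created.`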
diff --git a/files/drone-runner/drone-runner-Service.yaml b/files/drone-runner/drone-runner-Service.yaml
new file mode 100644
index 0000000..a22afa8
--- /dev/null
+++ b/files/drone-runner/drone-runner-Service.yaml
@@ -0,0 +1,24 @@
+# Source: drone-runner-kube/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: drone-runner-kube
+ namespace: drone
+ labels:
+ helm.sh/chart: drone-runner-kube-0.1.2
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
+ app.kubernetes.io/version: "1.0.0-beta.1"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3000
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
diff --git a/files/drone-runner/drone-runner-ServiceAccount.yaml b/files/drone-runner/drone-runner-ServiceAccount.yaml
index 38c6563..4103fba 100644
--- a/files/drone-runner/drone-runner-ServiceAccount.yaml
+++ b/files/drone-runner/drone-runner-ServiceAccount.yaml
@@ -1,5 +1,13 @@
+# Source: drone-runner-kube/templates/rbac.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+ name: drone-runner-kube
 namespace: drone
- name: drone-runner
+ labels:
+ helm.sh/chart: drone-runner-kube-0.1.2
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
+ app.kubernetes.io/version: "1.0.0-beta.1"
+ app.kubernetes.io/managed-by: Helm
diff --git a/files/drone-runner/drone-runner.yaml b/files/drone-runner/drone-runner.yaml
index 2c2660c..76edea6 100644
--- a/files/drone-runner/drone-runner.yaml
+++ b/files/drone-runner/drone-runner.yaml
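Review bot: The new drone-runner-Service.yaml makes the runner's port 3000 reachable from other pods in the cluster (absent a NetworkPolicy), but nothing in this patch connects to it and the ConfigMap sets `DRONE_UI_DISABLE: "true"`. If nothing consumes the Service, leaving it out keeps the runner unexposed. If something does, a comment above `spec:` naming the consumer, or a NetworkPolicy restricting ingress to that consumer, would document and bound the exposure.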
@@ -1,27 +1,60 @@
+# Source: drone-runner-kube/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: drone-runner
+ name: drone-runner-kube
 namespace: drone
 labels:
- app.kubernetes.io/name: drone
+ helm.sh/chart: drone-runner-kube-0.1.2
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
+ app.kubernetes.io/version: "1.0.0-beta.1"
+ app.kubernetes.io/managed-by: Helm
 spec:
 replicas: 1
 selector:
 matchLabels:
- app.kubernetes.io/name: drone
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
 template:
 metadata:
 labels:
- app.kubernetes.io/name: drone
+ app.kubernetes.io/name: drone-runner-kube
+ app.kubernetes.io/instance: drone
+ app.kubernetes.io/component: drone-runner-kube
+ annotations:
+ checksum/secrets: b814aeaecb42fa8651875d365b7bd4251112dc6fde7b1c82a41a5f37cdb9f34a
 spec:
+ serviceAccountName: drone-runner-kube
+ securityContext:
+ fsGroup: 2000
+ terminationGracePeriodSeconds: 3600
 containers:
- - name: drone-runner
- image: drone/drone-runner-kube:latest
- ports:
- - containerPort: 3000
- envFrom:
- - configMapRef:
- name: drone-runner
- - secretRef:
- name: drone-runner
+ - name: server
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ image: "drone/drone-runner-kube:1.0.0-beta.1"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ envFrom:
+ - configMapRef:
+ name: drone-runner-kube
+ - secretRef:
+ name: drone-runner
diff --git a/tasks/main.yml b/tasks/main.yml
index f8a72e8..b730bc3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
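Review bot: The container `securityContext` in drone-runner.yaml drops all capabilities and sets `runAsNonRoot`, but it does not set `allowPrivilegeEscalation: false`, so the kernel's no_new_privs flag is not applied to the runner process; adding that line next to `readOnlyRootFilesystem: true` completes the hardening. `envFrom` still references `secretRef` name `drone-runner` while every other object was renamed to `drone-runner-kube`; the Secret is not part of this patch, so confirm that the old name is the one that exists. The `checksum/secrets` annotation is a fixed value carried over from the chart output, so in a static manifest it will not trigger a rollout when the Secret changes.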
@@ -40,6 +40,7 @@
 - drone-runner/drone-runner-Role.yaml
 - drone-runner/drone-runner-RoleBinding.yaml
 - drone-runner/drone-runner-ConfigMap.yaml
+ - drone-runner/drone-runner-Service.yaml
 - drone-runner/drone-runner.yaml
 - name: Install Drone Runner static files
 k8s:
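Review bot: tasks/main.yml gains the Service file but no step that removes the objects created under the previous names, and this patch renames the Deployment, ConfigMap, ServiceAccount, Role and RoleBinding from `drone-runner` to `drone-runner-kube`. On a cluster where the role was already applied, the old Deployment (running `drone/drone-runner-kube:latest`) and the old Role with Secret create/delete rights in `drone` would presumably stay in place next to the new ones. A task using the `k8s` module with `state: absent` for the old names, run before this list is applied, would clean them up. The file list and the `k8s:` task both continue outside the hunk, so an existing cleanup step may simply not be visible here.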