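## Helm values for the Drone server chart, written as a Jinja2 template.
## Template variables referenced below: drone_version, traefik_domain,
## drone_storage_classname, drone_rpc_secret, drone_secret,
## drone_gitea_client_id, drone_gitea_client_secret.
## NOTE(review): the rendered file contains secret values in clear text; keep
## it out of version control and restrict read access to it.
{% if drone_version is defined %}
image:
  # repository: drone/drone
  tag: "{{ drone_version }}"
  # pullPolicy: IfNotPresent
{% endif %}

## If you need to pull images from a private Docker image repository, pass in the name
## of a Kubernetes Secret that contains the needed secret. For more details, see:
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
imagePullSecrets: []
# - name: "image-pull-secret"

nameOverride: ""
fullnameOverride: ""

# Drone server does not interact with the Kubernetes API server
automountServiceAccountToken: false

podSecurityContext:
  fsGroup: 2000

## NOTE(review): consider also setting allowPrivilegeEscalation: false here;
## confirm the chart passes this map through to the container unchanged.
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

## Add extra annotations to the Drone server pods here. See below example for
## Prometheus scrape annotations.
##
podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "80"

updateStrategy: {}

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: traefik
    # kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
    ## NOTE(review): "web" is listed next to "websecure". If "web" is a
    ## plain-HTTP entrypoint, confirm Traefik redirects it to HTTPS so the
    ## login flow is never served in clear text (DRONE_SERVER_PROTO is https).
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    traefik.ingress.kubernetes.io/router.middlewares: security_headers@file
  hosts:
    - host: "drone.{{ traefik_domain }}"
      paths:
        - "/"
  tls:
    - secretName: "drone.{{ traefik_domain }}"
      hosts:
        - "drone.{{ traefik_domain }}"

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

## If you'd like to force the Drone server to run on a specific node or set of nodes,
## set a selector here.
##
nodeSelector: {}

tolerations: []

affinity: {}

## If you'd like to make additional files or volumes available to Drone, declare additional
## Volumes here per the Pod spec's "volumes" section.
## Ref: https://kubernetes.io/docs/concepts/storage/volumes/
##
extraVolumes: []

## If you have declared extra volumes, mount them here, per the Pod Container's
## "volumeMounts" section.
##
extraVolumeMounts: []

persistentVolume:
  ## If you are using SQLite as your DB for Drone, it is recommended to enable persistence. If
  ## enabled, the Chart will create a PersistentVolumeClaim to store its state in. If you are
  ## using a DB other than SQLite, set this to false to avoid allocating unused storage.
  ## If set to false, Drone will use an emptyDir instead, which is ephemeral.
  ##
  enabled: true

  ## Drone server data Persistent Volume access modes
  ## Must match those of existing PV or dynamic provisioner
  ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  accessModes:
    - ReadWriteOnce

  ## Drone server data Persistent Volume annotations
  ##
  annotations: {}

  ## If you'd like to bring your own PVC for persisting Drone state, pass the name of the
  ## created + ready PVC here. If set, this Chart will not create the default PVC.
  ## Requires server.persistentVolume.enabled: true
  ##
  existingClaim: ""

  ## Drone server data Persistent Volume mount root path
  ##
  mountPath: /data

  ## Drone server data Persistent Volume size
  ##
  size: 8Gi

  ## Drone server data Persistent Volume Storage Class
  ## If defined, storageClassName is set to this value.
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
{% if drone_storage_classname is defined %}
  storageClass: "{{ drone_storage_classname }}"
{% else %}
  storageClass: ""
{% endif %}

  ## Drone server data Persistent Volume Binding Mode
  ## If defined, volumeMode is set to this value.
  ## If empty (the default) or set to null, no volumeBindingMode spec is
  ##   set, choosing the default mode.
  ##
  volumeMode: ""

  ## Subdirectory of Drone server data Persistent Volume to mount
  ## Useful if the volume's root directory is not empty
  ##
  subPath: ""

## If persistentVolume.enabled is set to false, Drone will mount an emptyDir instead of
## a PVC for any state that it needs to persist.
##
emptyDir:
  ## Total space to request for the emptyDir. An empty value here means no limit.
  sizeLimit: ""

## If you'd like to provide your own Kubernetes Secret object instead of passing your values
## in un-encrypted, pass in the name of a created + populated Secret in the same Namespace
## as the Drone server. All keys within this Secret will be mounted as environment
## variables, with each key/value mapping to a corresponding environment variable on the
## Drone server.
##
extraSecretNamesForEnvFrom: []
#- drone

## The keys within the "env" map are mounted as environment variables on the Drone server pod.
## See the full reference of Drone server environment variables here:
## Ref: https://docs.drone.io/installation/reference/
##
## NOTE(review): DRONE_RPC_SECRET, DRONE_DATABASE_SECRET and DRONE_GITEA_CLIENT_SECRET
## are set in this map, which the comments in this file describe as the
## un-encrypted (ConfigMap) path. Prefer a pre-created Secret listed under
## extraSecretNamesForEnvFrom so they are not readable by anyone who can read ConfigMaps.
##
env:
  ## REQUIRED: Set the user-visible Drone hostname, sans protocol.
  ## Ref: https://docs.drone.io/installation/reference/drone-server-host/
  ##
  DRONE_SERVER_HOST: "drone.{{ traefik_domain }}"

  ## The protocol to pair with the value in DRONE_SERVER_HOST (http or https).
  ## Ref: https://docs.drone.io/installation/reference/drone-server-proto/
  ##
  DRONE_SERVER_PROTO: https

  ## NOTE(review): service.port and the prometheus.io/port annotation above are 80
  ## while the server is told to listen on :3000; confirm the chart maps the two.
  DRONE_SERVER_PORT: ":3000"

  ## REQUIRED: Set the shared secret token that the Drone server and its Runners will use
  ## to authenticate. It is set here from the drone_rpc_secret template variable; comment it
  ## out to supply the key via a separately provisioned Secret instead (see
  ## extraSecretNamesForEnvFrom above).
  ## Quoted so that YAML keeps the rendered value a string even when it looks like a
  ## number, boolean or null; a re-typed value would no longer match the Runners' copy.
  ## Ref: https://docs.drone.io/installation/reference/drone-rpc-secret/
  ##
  DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"

  ## If you'd like to use a DB other than SQLite (the default), set a driver + DSN here.
  ## Ref: https://docs.drone.io/installation/storage/database/
  ##
  # DRONE_DATABASE_DRIVER:
  # DRONE_DATABASE_DATASOURCE:

  ## If you are going to store build secrets in the Drone database, it is suggested that
  ## you set a database encryption secret. This must be set before any secrets are stored
  ## in the database.
  ## Ref: https://docs.drone.io/installation/storage/encryption/
  ##
  DRONE_DATABASE_SECRET: "{{ drone_secret }}"

  ## If you are using self-hosted GitHub or GitLab, you'll need to set this to true.
  ## Ref: https://docs.drone.io/installation/reference/drone-git-always-auth/
  ##
  # DRONE_GIT_ALWAYS_AUTH: false

  ## ===================================================================================
  ##                         Provider Directives (select ONE)
  ## -----------------------------------------------------------------------------------
  ## Select one provider (and only one). Refer to the corresponding documentation link
  ## before filling the values in. Also note that you can use the
  ## 'extraSecretNamesForEnvFrom' value above if you'd rather have secrets in a
  ## Kubernetes Secret instead of a ConfigMap.
  ## ===================================================================================

  ## GitHub-specific variables. See the provider docs here:
  ## Ref: https://docs.drone.io/installation/providers/github/
  ##
  # DRONE_GITHUB_CLIENT_ID:
  # DRONE_GITHUB_CLIENT_SECRET:

  ## GitLab-specific variables. See the provider docs here:
  ## Ref: https://docs.drone.io/installation/providers/gitlab/
  ##
  # DRONE_GITLAB_CLIENT_ID:
  # DRONE_GITLAB_CLIENT_SECRET:
  # DRONE_GITLAB_SERVER:

  ## Bitbucket Cloud-specific variables. See the provider docs here:
  ## Ref: https://docs.drone.io/installation/providers/bitbucket-cloud/
  ##
  # DRONE_BITBUCKET_CLIENT_ID:
  # DRONE_BITBUCKET_CLIENT_SECRET:

  ## Bitbucket-specific variables. See the provider docs here:
  ## Ref: https://docs.drone.io/installation/providers/bitbucket-server/
  ##
  # DRONE_GIT_USERNAME:
  # DRONE_GIT_PASSWORD:
  # DRONE_STASH_CONSUMER_KEY:
  # DRONE_STASH_PRIVATE_KEY:
  # DRONE_STASH_SERVER:

  ## Gitea-specific variables. See the provider docs here:
  ## Ref: https://docs.drone.io/installation/providers/gitea/
  ##
  DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id }}"
  DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret }}"
  DRONE_GITEA_SERVER: "https://gitea.{{ traefik_domain }}"

  ## Gogs-specific variables. See the provider docs here:
  ## Ref: https://docs.drone.io/installation/providers/gogs/
  ##
  # DRONE_GOGS_SERVER: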