250 lines
8.2 KiB
Django/Jinja
250 lines
8.2 KiB
Django/Jinja
{% if drone_version is defined %}
|
|
image:
|
|
# repository: drone/drone
|
|
tag: "{{ drone_version }}"
|
|
# pullPolicy: IfNotPresent
|
|
{% endif %}
|
|
|
|
## If you need to pull images from a private Docker image repository, pass in the name
|
|
## of a Kubernetes Secret that contains the needed secret. For more details, see:
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
imagePullSecrets: []
|
|
# - name: "image-pull-secret"
|
|
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
# Drone server does not interact with the Kubernetes API server
|
|
automountServiceAccountToken: false
|
|
|
|
podSecurityContext:
|
|
fsGroup: 2000
|
|
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
|
|
## Add extra annotations to the Drone server pods here. See below example for
|
|
## Prometheus scrape annotations.
|
|
##
|
|
podAnnotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "80"
|
|
|
|
updateStrategy: {}
|
|
|
|
service:
|
|
type: ClusterIP
|
|
port: 80
|
|
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
# kubernetes.io/tls-acme: "true"
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
|
traefik.ingress.kubernetes.io/router.middlewares: security_headers@file
|
|
hosts:
|
|
- host: drone.{{ traefik_domain }}
|
|
paths:
|
|
- "/"
|
|
tls:
|
|
- secretName: drone.{{ traefik_domain }}
|
|
hosts:
|
|
- drone.{{ traefik_domain }}
|
|
|
|
resources:
|
|
limits:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
## If you'd like to force the Drone server to run on a specific node or set of nodes,
|
|
## set a selector here.
|
|
##
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
## If you'd like to make additional files or volumes available to Drone, declare additional
|
|
## Volumes here per the Pod spec's "volumes" section.
|
|
## Ref: https://kubernetes.io/docs/concepts/storage/volumes/
|
|
##
|
|
extraVolumes: []
|
|
## If you have declared extra volumes, mount them here, per the Pod Container's
|
|
## "volumeMounts" section.
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
persistentVolume:
|
|
## If you are using SQLite as your DB for Drone, it is recommended to enable persistence. If
|
|
## enabled, the Chart will create a PersistentVolumeClaim to store its state in. If you are
|
|
## using a DB other than SQLite, set this to false to avoid allocating unused storage.
|
|
## If set to false, Drone will use an emptyDir instead, which is ephemeral.
|
|
##
|
|
enabled: true
|
|
|
|
## Drone server data Persistent Volume access modes
|
|
## Must match those of existing PV or dynamic provisioner
|
|
## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
|
|
## Drone server data Persistent Volume annotations
|
|
##
|
|
annotations: {}
|
|
|
|
## If you'd like to bring your own PVC for persisting Drone state, pass the name of the
|
|
## created + ready PVC here. If set, this Chart will not create the default PVC.
|
|
## Requires server.persistentVolume.enabled: true
|
|
##
|
|
existingClaim: ""
|
|
|
|
## Drone server data Persistent Volume mount root path
|
|
##
|
|
mountPath: /data
|
|
|
|
## Drone server data Persistent Volume size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Drone server data Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
{% if drone_storage_classname is defined %}
|
|
storageClass: "{{ drone_storage_classname }}"
|
|
{% else %}
|
|
storageClass: ""
|
|
{% endif %}
|
|
|
|
## Drone server data Persistent Volume Binding Mode
|
|
## If defined, volumeMode: <volumeMode>
|
|
## If empty (the default) or set to null, no volumeBindingMode spec is
|
|
## set, choosing the default mode.
|
|
##
|
|
volumeMode: ""
|
|
|
|
## Subdirectory of Drone server data Persistent Volume to mount
|
|
## Useful if the volume's root directory is not empty
|
|
##
|
|
subPath: ""
|
|
|
|
## If persistentVolume.enabled is set to false, Drone will mount an emptyDir instead of
|
|
## a PVC for any state that it needs to persist.
|
|
##
|
|
emptyDir:
|
|
## Total space to request for the emptyDir. An empty value here means no limit.
|
|
sizeLimit: ""
|
|
|
|
## If you'd like to provide your own Kubernetes Secret object instead of passing your values
|
|
## in un-encrypted, pass in the name of a created + populated Secret in the same Namespace
|
|
## as the Drone server. All secrets within this configmap will be mounted as environment
|
|
## variables, with each key/value mapping to a corresponding environment variable on the
|
|
## Drone server.
|
|
##
|
|
extraSecretNamesForEnvFrom: []
|
|
#- drone
|
|
|
|
## The keys within the "env" map are mounted as environment variables on the Drone server pod.
|
|
## See the full reference of Drone server environment variables here:
|
|
## Ref: https://docs.drone.io/installation/reference/
|
|
##
|
|
env:
|
|
## REQUIRED: Set the user-visible Drone hostname, sans protocol.
|
|
## Ref: https://docs.drone.io/installation/reference/drone-server-host/
|
|
##
|
|
DRONE_SERVER_HOST: "drone.{{ traefik_domain }}"
|
|
## The protocol to pair with the value in DRONE_SERVER_HOST (http or https).
|
|
## Ref: https://docs.drone.io/installation/reference/drone-server-proto/
|
|
##
|
|
DRONE_SERVER_PROTO: https
|
|
|
|
DRONE_SERVER_PORT: ":3000"
|
|
|
|
## REQUIRED: Set the secret secret token that the Drone server and its Runners will use
|
|
## to authenticate. This is commented out in order to leave you the ability to set the
|
|
## key via a separately provisioned secret (see existingSecretName above).
|
|
## Ref: https://docs.drone.io/installation/reference/drone-rpc-secret/
|
|
##
|
|
DRONE_RPC_SECRET: {{ drone_rpc_secret }}
|
|
|
|
## If you'd like to use a DB other than SQLite (the default), set a driver + DSN here.
|
|
## Ref: https://docs.drone.io/installation/storage/database/
|
|
##
|
|
# DRONE_DATABASE_DRIVER:
|
|
# DRONE_DATABASE_DATASOURCE:
|
|
|
|
## If you are going to store build secrets in the Drone database, it is suggested that
|
|
## you set a database encryption secret. This must be set before any secrets are stored
|
|
## in the database.
|
|
## Ref: https://docs.drone.io/installation/storage/encryption/
|
|
##
|
|
DRONE_DATABASE_SECRET: "{{ drone_secret }}"
|
|
|
|
## If you are using self-hosted GitHub or GitLab, you'll need to set this to true.
|
|
## Ref: https://docs.drone.io/installation/reference/drone-git-always-auth/
|
|
##
|
|
# DRONE_GIT_ALWAYS_AUTH: false
|
|
|
|
## ===================================================================================
|
|
## Provider Directives (select ONE)
|
|
## -----------------------------------------------------------------------------------
|
|
## Select one provider (and only one). Refer to the corresponding documentation link
|
|
## before filling the values in. Also note that you can use the 'secretMounts' value
|
|
## if you'd rather not have secrets in Kubernetes Secret instead of a ConfigMap.
|
|
## ===================================================================================
|
|
|
|
## GitHub-specific variables. See the provider docs here:
|
|
## Ref: https://docs.drone.io/installation/providers/github/
|
|
##
|
|
# DRONE_GITHUB_CLIENT_ID:
|
|
# DRONE_GITHUB_CLIENT_SECRET:
|
|
|
|
## GitLab-specific variables. See the provider docs here:
|
|
## Ref: https://docs.drone.io/installation/providers/gitlab/
|
|
##
|
|
# DRONE_GITLAB_CLIENT_ID:
|
|
# DRONE_GITLAB_CLIENT_SECRET:
|
|
# DRONE_GITLAB_SERVER:
|
|
|
|
## Bitbucket Cloud-specific variables. See the provider docs here:
|
|
## Ref: https://docs.drone.io/installation/providers/bitbucket-cloud/
|
|
##
|
|
# DRONE_BITBUCKET_CLIENT_ID:
|
|
# DRONE_BITBUCKET_CLIENT_SECRET:
|
|
|
|
## Bitbucket-specific variables. See the provider docs here:
|
|
## Ref: https://docs.drone.io/installation/providers/bitbucket-server/
|
|
##
|
|
# DRONE_GIT_USERNAME:
|
|
# DRONE_GIT_PASSWORD:
|
|
# DRONE_STASH_CONSUMER_KEY:
|
|
# DRONE_STASH_PRIVATE_KEY:
|
|
# DRONE_STASH_SERVER:
|
|
|
|
## Gitea-specific variables. See the provider docs here:
|
|
## Ref: https://docs.drone.io/installation/providers/gitea/
|
|
##
|
|
DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id }}"
|
|
DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret }}"
|
|
DRONE_GITEA_SERVER: "https://gitea.{{ traefik_domain }}"
|
|
|
|
## Gogs-specific variables. See the provider docs here:
|
|
## Ref: https://docs.drone.io/installation/providers/gogs/
|
|
##
|
|
# DRONE_GOGS_SERVER:
|