🚀 drone
auricom committed Nov 17, 2022
1 parent 5e6277d commit 4ddfb8d
Showing 11 changed files with 189 additions and 4 deletions.
@@ -0,0 +1,23 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: drone-kubernetes-secrets
namespace: default
spec:
interval: 1h
chart:
spec:
chart: drone-kubernetes-secrets
version: 0.1.4
sourceRef:
kind: HelmRepository
name: drone
namespace: flux-system
values:
env:
KUBERNETES_NAMESPACE: default
valuesFrom:
- targetPath: env.SECRET_KEY
kind: Secret
name: drone
valuesKey: DRONE_SECRET_PLUGIN_TOKEN
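Review bot: `KUBERNETES_NAMESPACE: default` points the secrets extension at the namespace that also holds the `drone` Secret added in this commit and, per the `dependsOn` entries in the server release, gitea and postgres-cluster. If the extension hands out any Secret in its configured namespace to a pipeline that requests it, a pipeline author could read the database datasource, the RPC secret and other applications' credentials. I would keep pipeline secrets in a namespace of their own, e.g. `KUBERNETES_NAMESPACE: drone-secrets` (constructed name), and limit the extension's service account to reading Secrets there.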
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
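--- a/cluster/apps/development/drone/drone-runner-kube/helm-release.yaml
+++ b/cluster/apps/development/drone/drone-runner-kube/helm-release.yaml
@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: drone-runner-kube
+namespace: default
+spec:
+interval: 1h
+chart:
+spec:
+chart: drone-runner-kube
+version: 0.1.10
+sourceRef:
+kind: HelmRepository
+name: drone
+namespace: flux-system
+dependsOn:
+- name: drone-kubernetes-secrets
+namespace: default
+values:
+image:
+repository: drone/drone-runner-kube
+tag: 1.0.0-beta.5
+env:
+DRONE_NAMESPACE_DEFAULT: default
+DRONE_RPC_HOST: drone.default.svc:8080
+DRONE_SECRET_PLUGIN_ENDPOINT: http://drone-kubernetes-secrets.default.svc:3000
+valuesFrom:
+- targetPath: env.DRONE_RPC_SECRET
+kind: Secret
+name: drone
+valuesKey: DRONE_RPC_SECRET
+- targetPath: env.DRONE_SECRET_PLUGIN_TOKEN
+kind: Secret
+name: drone
+valuesKey: DRONE_SECRET_PLUGIN_TOKEN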
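Review bot: `DRONE_NAMESPACE_DEFAULT: default` has the runner create pipeline pods in `default`, the namespace this commit also uses for the Drone server and its `drone` Secret, so build steps run next to those workloads and the runner's service account needs pod-creation rights there. A dedicated build namespace, e.g. `DRONE_NAMESPACE_DEFAULT: drone-builds` (constructed name), with RBAC scoped to it would keep CI workloads apart from the applications. Separately, `DRONE_SECRET_PLUGIN_ENDPOINT` is plain `http://`, so the plugin token and the secrets it returns cross the cluster network unencrypted. A comment saying which network policy or mesh this relies on would help the next reader.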
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
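--- a/cluster/apps/development/drone/helm-release.yaml
+++ b/cluster/apps/development/drone/helm-release.yaml
@@ -0,0 +1,65 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: drone
+namespace: default
+spec:
+interval: 1h
+chart:
+spec:
+chart: drone
+version: 0.6.4
+sourceRef:
+kind: HelmRepository
+name: drone
+namespace: flux-system
+dependsOn:
+- name: drone-runner-kube
+namespace: default
+- name: gitea
+namespace: default
+- name: postgres-cluster
+namespace: default
+values:
+image:
+repository: drone/drone
+tag: 2.15.0
+persistentVolume:
+enabled: false
+env:
+DRONE_DATABASE_DRIVER: postgres
+DRONE_GIT_ALWAYS_AUTH: true
+DRONE_GITEA_SERVER: https://gitea.${SECRET_CLUSTER_DOMAIN}
+DRONE_SERVER_HOST: &host drone.${SECRET_CLUSTER_DOMAIN}
+DRONE_SERVER_PROTO: https
+DRONE_SERVER_PROXY_HOST: drone.default.svc
+DRONE_SERVER_PROXY_PROTO: http
+DRONE_USER_CREATE: username:context,admin:true
+ingress:
+enabled: true
+className: nginx
+hosts:
+- host: *host
+paths:
+- path: /
+pathType: Prefix
+tls:
+- hosts:
+- *host
+valuesFrom:
+- targetPath: env.DRONE_DATABASE_DATASOURCE
+kind: Secret
+name: drone
+valuesKey: DRONE_DATABASE_DATASOURCE
+- targetPath: env.DRONE_GITEA_CLIENT_ID
+kind: Secret
+name: drone
+valuesKey: DRONE_GITEA_CLIENT_ID
+- targetPath: env.DRONE_GITEA_CLIENT_SECRET
+kind: Secret
+name: drone
+valuesKey: DRONE_GITEA_CLIENT_SECRET
+- targetPath: env.DRONE_RPC_SECRET
+kind: Secret
+name: drone
+valuesKey: DRONE_RPC_SECRET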
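Review bot: The `valuesFrom` entries copy `DRONE_DATABASE_DATASOURCE`, `DRONE_GITEA_CLIENT_SECRET` and `DRONE_RPC_SECRET` into `values.env`, which defeats keeping them in a Secret if the chart renders `env` into a ConfigMap, as I believe the upstream drone chart does; they would also be stored in the Helm release values. The chart offers `extraSecretNamesForEnvFrom` for this case, so `extraSecretNamesForEnvFrom: [drone]` under `values` would let the pod read the keys directly from the Secret; please confirm against chart 0.6.4. The drone-runner-kube and drone-kubernetes-secrets releases in this commit use the same `valuesFrom` to `env.*` pattern. Also, the `env` block sets neither `DRONE_REGISTRATION_CLOSED` nor `DRONE_USER_FILTER`, so as written any account that can sign in to the Gitea instance could probably register on the ingress-exposed server.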
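--- a/cluster/apps/development/drone/kustomization.yaml
+++ b/cluster/apps/development/drone/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- drone-kubernetes-secrets
+- drone-runner-kube
+- helm-release.yaml
+- secret.sops.yaml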
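--- a/cluster/apps/development/drone/secret.sops.yaml
+++ b/cluster/apps/development/drone/secret.sops.yaml
@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+name: drone
+namespace: default
+type: Opaque
+stringData:
+DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:nKt4kz7WR4ma7eoOqHsGbOlStX0APLzhxkYVTo3bZhVl8n+YlG7xl3OpLQ/1fyJnC5Q5jqnRZbLqD3a98J9nQtM9ZJ+ayVRcmktli2sjVTa8a63XWQ6jxsOIfqCTvVk=,iv:x9gj3MY5h9Jg0yMxtWe3WlIr/Jg79ljPQhkDllvS5UQ=,tag:khub5u0PCfO0yFFwDeOZAg==,type:str]
+DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:tcXCVpdKB16QrXd35BhWtafVKgs/BlxWkxK9iQ+sm/wTUren,iv:/zEGKJzuaurIAOWXAhtsRnxkIwmzqrAZkW7rfAaTEVQ=,tag:XnHiNYyHUjsLgnTl62wQPQ==,type:str]
+DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:wEIM5nc+cmc18ujFztAQQKO0YFXVtH90G+C4yCQOZlUf1xu9R1t2M0iLB7aP+y1lfxo3cgfiT+k=,iv:Nish+j12JfctzLGLXJ6Gle4sJLTDSlPnVMQ9L1BRRTs=,tag:uXWDbzpE13p5X/BnsKvQPQ==,type:str]
+DRONE_RPC_SECRET: ENC[AES256_GCM,data:O+YljkHzgFe4HSgSRkosuTTFpaOPSyAjeVpC39BKSIU=,iv:H8SO0S8TL060mnKCOBPWexUNdYwUmyVPdetuoto6uck=,tag:XU8JCsippp0Gadptpuwuog==,type:str]
+DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:rRP1/jdkyHkwTmB8j5svo0xg6YFw64f9EVcoMzyzHbk=,iv:LYMgl50+edTnk0Im7uzLZW0THemraadOpOLkyvL/5Og=,tag:nIkuWVAK1NvawHksQar0tQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVWZVaFFvMVJRRWR1eUU3
+QzI5cjNscE83czk0TG9Ra1JvVmExa0hWbWt3Ck1YY1htcXhDamwxY1pVcE0wS2U3
+WWNQbTJFK1dFdEhkMk8vbG9pQlJzN1kKLS0tIDBUTUZhMUF2VVJhbFNpQ1FTNWZC
+ZUZsSDdUYXFVb3JROEFnaC8yRU1zZ0UK1klzjeo3oaS6n1Apy0nY746ax2Uxxddg
+Mn61QDtkPf8FLNBC3tFTe3pWzhWseD/89WaW3f3GScJxy34SFUZxLQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2022-11-16T22:53:09Z"
+mac: ENC[AES256_GCM,data:rKVm0DNrWZD7D5KanrINScClRJss9FhYUR1Xvz7lIKB3mRBuEpLYFQg84e+B6GTwa4p96EG/QICEAyY7T/7uNiZ6s2lLW7BEZsFH8HTJMk/KTwX15Pn5yg7qEiGwjWDSESTSGNDl9uOlVmpoDJz4xZY+DRUaJXVp33/y89eb82w=,iv:S5fpYjLd00gq8moMq00BHLPI2O3dfNAS3VU3yNHwpAg=,tag:DtMk+Pex/WjighefoGkRfQ==,type:str]
+pgp: []
+encrypted_regex: ^(data|stringData)$
+version: 3.7.3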
@@ -58,11 +58,12 @@ spec:
ssh -o StrictHostKeyChecking=no homelab@${LOCAL_LAN_TRUENAS} << 'EOF'
set -x
set -o nounset
set -o errexit
WORK_DIR="/mnt/storage/backups/apps/gitea"
ORGANISATIONS=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/orgs" --header "Authorization: Bearer ${GITEA_API_TOKEN}" | jq --raw-output .[].username)
ORGANISATIONS=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/orgs" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].username)
ORGANISATIONS+=" auricom"
for org in $ORGANISATIONS
@@ -73,7 +74,7 @@ spec:
else
keyword="orgs"
fi
REPOSITORIES=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/$keyword/$org/repos?limit=1000" --header "Authorization: Bearer ${GITEA_API_TOKEN}" | jq --raw-output .[].name)
REPOSITORIES=$(curl --silent --location --request GET "https://gitea.${SECRET_CLUSTER_DOMAIN}/api/v1/$keyword/$org/repos?limit=1000" --header "Authorization: Bearer ${SECRET_GITEA_API_TOKEN}" | jq --raw-output .[].name)
for repo in $REPOSITORIES
do
if [ -d "$WORK_DIR/$org/$repo" ]; then
@@ -101,7 +102,7 @@ spec:
done
done
echo "INFO: Backup done"
curl -m 10 --retry 5 http://healthchecks.default.svc.cluster.local./ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-gitea-repositories-backup
curl -m 10 --retry 5 https://healthchecks.${SECRET_CLUSTER_DOMAIN}/ping/${SECRET_HEALTHCHECKS_PING_KEY}/k3s-gitea-repositories-backup
EOF
volumeMounts:
- name: secret
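Review bot: `set -x` at the top of the remote script traces every command, so both `curl` calls carrying `Authorization: Bearer ${SECRET_GITEA_API_TOKEN}` and the healthchecks ping URL containing `${SECRET_HEALTHCHECKS_PING_KEY}` are echoed into the job log with their expanded values. Either drop `set -x` or bracket the sensitive calls with `set +x` and `set -x`. If `${SECRET_GITEA_API_TOKEN}` is filled in by Flux substitution like `${SECRET_CLUSTER_DOMAIN}` (the heredoc delimiter is quoted, so the local shell does not expand it), the token is also stored in plaintext in the rendered manifest. The script and the container spec continue outside the visible hunks.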
1 change: 1 addition & 0 deletions cluster/apps/development/kustomization.yaml
@@ -1,4 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- drone
- gitea
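--- a/cluster/charts/drone-charts.yaml
+++ b/cluster/charts/drone-charts.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+name: drone
+namespace: flux-system
+spec:
+interval: 1h
+url: https://charts.drone.io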
1 change: 1 addition & 0 deletions cluster/charts/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
- cert-manager-webhook-ovh.yaml
- cloudnative-pg-charts.yaml
- descheduler-charts.yaml
- drone-charts.yaml
- dysnix-charts.yaml
- emxq-charts.yaml
- external-dns-charts.yaml
