@dghubble
Created March 7, 2021 20:02
Kubernetes manifests for Drone with Litestream
apiVersion: v1
kind: ConfigMap
metadata:
  name: drone
data:
  DRONE_SERVER_PROTO: "https"
  DRONE_SERVER_HOST: "drone.example.com"
  DRONE_SERVER_PORT: ":8080"
  # Comma separated list of Github users or orgs
  DRONE_USER_FILTER: dghubble
  DRONE_USER_CREATE: username:dghubble,admin:true
  # Require login, even if a project is public
  DRONE_SERVER_PRIVATE_MODE: "true"
  # Github status
  DRONE_STATUS_NAME: drone
  # logs
  DRONE_LOGS_DEBUG: "true"
  DRONE_LOGS_TEXT: "true"
  DRONE_LOGS_PRETTY: "true"
  DRONE_LOGS_COLOR: "true"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: drone-litestream
data:
  config.yaml: |-
    dbs:
      - path: /data/database.sqlite
        monitor-interval: 60s
        replicas:
          - url: s3://mybucket/database.sqlite
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: drone
spec:
  secretName: drone-tls
  dnsNames:
    - drone.example.com
  issuerRef:
    name: letsencrypt-prod
    kind: Issuer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone
spec:
  replicas: 1
  selector:
    matchLabels:
      name: drone
  template:
    metadata:
      labels:
        name: drone
    spec:
      automountServiceAccountToken: false
      initContainers:
        - name: restore
          image: quay.io/dghubble/litestream:v0.3.3-rc0
          imagePullPolicy: Always
          args:
            - restore
            - --config=/etc/litestream/config.yaml
            - /data/database.sqlite
          envFrom:
            - secretRef:
                name: drone-litestream
          volumeMounts:
            - name: data
              mountPath: /data
            - name: litestream
              mountPath: /etc/litestream
      containers:
        - name: drone
          image: docker.io/drone/drone:1.10.1
          envFrom:
            - configMapRef:
                name: drone
          env:
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone
                  key: DRONE_RPC_SECRET
            - name: DRONE_GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: drone
                  key: DRONE_GITHUB_CLIENT_ID
            - name: DRONE_GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone
                  key: DRONE_GITHUB_CLIENT_SECRET
          ports:
            - name: http
              containerPort: 8080
          resources:
            requests:
              cpu: 30m
              memory: 30Mi
            limits:
              cpu: 100m
              memory: 100Mi
          livenessProbe:
            httpGet:
              port: 8080
              path: /
          volumeMounts:
            - name: data
              mountPath: /data
        - name: litestream
          image: quay.io/dghubble/litestream:v0.3.3-rc0
          imagePullPolicy: Always
          args:
            - replicate
            - --config=/etc/litestream/config.yaml
          envFrom:
            - secretRef:
                name: drone-litestream
          volumeMounts:
            - name: data
              mountPath: /data
            - name: litestream
              mountPath: /etc/litestream
      volumes:
        - name: litestream
          configMap:
            name: drone-litestream
        - name: data
          emptyDir: {}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: drone
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
spec:
  ingressClassName: public
  tls:
    - secretName: drone-tls
      hosts:
        - drone.example.com
  rules:
    - host: drone.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: drone
                port:
                  number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: drone
spec:
  type: ClusterIP
  selector:
    name: drone
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
---
apiVersion: v1
kind: Secret
metadata:
  name: drone-litestream
stringData:
  AWS_ACCESS_KEY_ID: {{ secret "secret/data/drone/bucket" "aws_access_key_id" }}
  AWS_SECRET_ACCESS_KEY: {{ secret "secret/data/drone/bucket" "aws_secret_access_key" }}
---
apiVersion: v1
kind: Secret
metadata:
  name: drone
stringData:
  DRONE_RPC_SECRET: {{ secret "secret/data/drone/server" "DRONE_RPC_SECRET" }}
  DRONE_GITHUB_CLIENT_ID: {{ secret "secret/data/drone/server" "DRONE_GITHUB_CLIENT_ID" }}
  DRONE_GITHUB_CLIENT_SECRET: {{ secret "secret/data/drone/server" "DRONE_GITHUB_CLIENT_SECRET" }}