Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
drone-vault extension kubernetes resources from our blog.cogarius.com
apiVersion: v1
kind: ConfigMap
metadata:
name: ca-crt
namespace: drone
data:
kubca.crt: |
-----BEGIN CERTIFICATE-----
MIICMzCCAZygAwIBAgIJALiPnVsvq8dsMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNV
BAYTAlVTMQwwCgYDVQQIEwNmb28xDDAKBgNVBAcTA2ZvbzEMMAoGA1UEChMDZm9v
MQwwCgYDVQQLEwNmb28xDDAKBgNVBAMTA2ZvbzAeFw0xMzAzMTkxNTQwMTlaFw0x
xph0pSfsfFsTKM4RhTWD2v4fgk+xZiKd1p0+L4hTtpwnEw0uXRVd0ki6muwV5y/P
+5FHUeldq+pgTcgzuK8CAwEAAaMPMA0wCwYDVR0PBAQDAgLkMA0GCSqGSIb3DQEB
BQUAA4GBAJiDAAtY0mQQeuxWdzLRzXmjvdSuL9GoyT3BF/jSnpxz5/58dba8pWen
v3pj4P3w5DoOso0rzkZy2jEsEitlVM2mLSbQpMM+MUVQCQoiG6W9xuCFuxSrwPIS
pAqEAuV4DNoxQKKWmhVv+J0ptMWD25Pnpxeq5sXzghfJnslJlQND
-----END CERTIFICATE-----
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: drone-vault
name: drone-vault
namespace: drone
spec:
replicas: 1
selector:
matchLabels:
app: drone-vault
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: drone-vault
spec:
volumes:
- name: ca-crt
configMap:
name: ca-crt
containers:
- image: drone/vault
name: vault
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
ports:
- name: api
containerPort: 3000
protocol: TCP
volumeMounts:
- name: ca-crt
mountPath: /etc/ssl/certs/ca.crt
subPath: kubca.crt
readOnly: false
env:
- name: DRONE_DEBUG
value: "false"
- name: DRONE_SECRET
valueFrom:
secretKeyRef:
key: shared_secret
name: vault-drone
- name: VAULT_ADDR
value: "https://vault-server.vault.svc.cluster.local:8200"
- name: VAULT_CACERT
value: "/etc/ssl/certs/ca.crt"
- name: VAULT_AUTH_TYPE
value: "approle"
- name: VAULT_TOKEN_TTL
value: "48h"
- name: VAULT_TOKEN_RENEWAL
value: "24h"
- name: VAULT_APPROLE_ID
valueFrom:
secretKeyRef:
key: approle_role_id
name: vault-drone
- name: VAULT_APPROLE_SECRET
valueFrom:
secretKeyRef:
key: approle_role_secret
name: vault-drone
status: {}
apiVersion: v1
kind: Secret
metadata:
name: vault-drone
namespace: drone
data:
approle_role_id: APPROLE_ID_FROM_VAULT
approle_role_secret: APPROLE_SECRET_FROM_VAULT
shared_secret: CHOOSE_A_SECRET_TO_SHARE_WITH_DRONE_RUNNER
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment