viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add drone config and dockerhub skeleton

Browse source
This commit is contained in:
viktorbarzin 2021-02-10 21:17:31 +00:00
parent a0c40cc687
commit 3c41c2e641
No known key found for this signature in database
GPG key ID: 0EB088298288D958
5 changed files with 415 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

350
modules/kubernetes/drone/main.tf Normal file
View file

@ -0,0 +1,350 @@
variable "tls_secret_name" {}
variable "tls_crt" {}
variable "tls_key" {}
variable "github_client_id" {}
variable "github_client_secret" {}
variable "rpc_secret" {}
variable "server_host" {}
variable "server_proto" {}
variable "rpc_host" {
default = "drone.drone.svc.cluster.local"
}
variable "allowed_users" {
# comma separated list
default = "viktorbarzin"
}
resource "kubernetes_namespace" "drone" {
metadata {
name = "drone"
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "drone"
tls_secret_name = var.tls_secret_name
tls_crt = var.tls_crt
tls_key = var.tls_key
}
resource "kubernetes_deployment" "drone_server" {
metadata {
name = "drone-server"
namespace = "drone"
labels = {
app = "drone"
}
}
spec {
strategy {
type = "Recreate"
}
replicas = 1
selector {
match_labels = {
app = "drone"
}
}
template {
metadata {
labels = {
app = "drone"
}
}
spec {
container {
image = "drone/drone:1"
name = "drone-server"
resources {
limits = {
cpu = "1"
memory = "1Gi"
}
requests = {
cpu = "500m"
memory = "1Gi"
}
}
port {
container_port = 80
}
volume_mount {
name = "data"
mount_path = "/data"
}
env {
name = "DRONE_GITHUB_CLIENT_ID"
value = var.github_client_id
}
env {
name = "DRONE_GITHUB_CLIENT_SECRET"
value = var.github_client_secret
}
env {
name = "DRONE_RPC_SECRET"
value = var.rpc_secret
}
env {
name = "DRONE_SERVER_HOST"
value = var.server_host
}
env {
name = "DRONE_SERVER_PROTO"
value = var.server_proto
}
env {
name = "DRONE_USER_FILTER"
value = var.allowed_users
}
}
volume {
name = "data"
iscsi {
target_portal = "iscsi.viktorbarzin.lan:3260"
fs_type = "ext4"
iqn = "iqn.2020-12.lan.viktorbarzin:storage:drone"
lun = 0
read_only = false
}
}
}
}
}
}
resource "kubernetes_service" "drone" {
metadata {
name = "drone"
namespace = "drone"
labels = {
app = "drone"
}
}
spec {
selector = {
app = "drone"
}
port {
name = "http"
port = "80"
}
}
}
resource "kubernetes_ingress" "drone" {
metadata {
name = "drone-ingress"
namespace = "drone"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}
}
spec {
tls {
hosts = ["drone.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "drone.viktorbarzin.me"
http {
path {
path = "/"
backend {
service_name = "drone"
service_port = "80"
}
}
}
}
}
}
# Setup drone runner
resource "kubernetes_cluster_role" "drone" {
metadata {
name = "drone"
}
rule {
api_groups = [""]
resources = ["secrets"]
verbs = ["get", "list", "create", "delete"]
}
rule {
api_groups = [""]
resources = ["pods", "pods/log"]
verbs = ["get", "create", "delete", "list", "watch", "update"]
}
rule {
api_groups = ["apps"]
resources = ["deployments"]
verbs = ["get", "create", "delete", "list", "watch", "update", "patch"]
}
}
resource "kubernetes_cluster_role_binding" "drone" {
metadata {
name = "drone"
}
subject {
kind = "ServiceAccount"
name = "default"
namespace = "drone"
}
role_ref {
kind = "ClusterRole"
name = "drone"
api_group = "rbac.authorization.k8s.io"
}
}
resource "kubernetes_deployment" "drone_runner" {
metadata {
name = "drone-runner"
namespace = "drone"
labels = {
app = "drone-runner"
}
}
spec {
strategy {
type = "Recreate"
}
replicas = 1
selector {
match_labels = {
app = "drone-runner"
}
}
template {
metadata {
labels = {
app = "drone-runner"
}
}
spec {
container {
image = "drone/drone-runner-kube:latest"
name = "drone-runner"
resources {
limits = {
cpu = "1"
memory = "1Gi"
}
requests = {
cpu = "500m"
memory = "1Gi"
}
}
env {
name = "DRONE_RPC_HOST"
value = var.rpc_host
}
env {
name = "DRONE_RPC_PROTO"
value = "http"
}
env {
name = "DRONE_RPC_SECRET"
value = var.rpc_secret
}
env {
name = "DRONE_NAMESPACE_DEFAULT"
value = "drone"
}
env {
name = "SECRET_KEY"
value = var.rpc_secret
}
env {
name = "DRONE_SECRET_PLUGIN_ENDPOINT"
# value = "http://localhost:3000"
value = "http://drone-runner-secret.drone.svc.cluster.local:3000"
}
env {
name = "DRONE_SECRET_PLUGIN_TOKEN"
value = var.rpc_secret
}
env {
name = "DRONE_DEBUG"
value = "true"
}
}
}
}
}
}
resource "kubernetes_deployment" "drone_runner_secret" {
metadata {
name = "drone-runner-secret"
namespace = "drone"
labels = {
app = "drone-runner-secret"
}
}
spec {
strategy {
type = "Recreate"
}
replicas = 1
selector {
match_labels = {
app = "drone-runner-secret"
}
}
template {
metadata {
labels = {
app = "drone-runner-secret"
}
}
spec {
container {
name = "secret"
image = "drone/kubernetes-secrets:latest"
port {
container_port = 3000
}
env {
name = "SECRET_KEY"
value = var.rpc_secret
}
env {
name = "DEBUG"
value = "true"
}
env {
name = "KUBERNETES_NAMESPACE"
value = "drone"
}
}
}
}
}
}
resource "kubernetes_service" "drone_runner_secret" {
metadata {
name = "drone-runner-secret"
namespace = "drone"
labels = {
app = "drone-runner-secret"
}
}
spec {
selector = {
app = "drone-runner-secret"
}
port {
name = "http"
port = "3000"
}
}
}