scubbo/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Drone

Browse Source
This commit is contained in:
Jack Jackson 2023-07-11 19:45:42 -07:00
parent 1f455c9e34
commit 86b2b339a8
8 changed files with 197 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
app-of-apps/templates/apps.yaml
View File

@ -222,14 +222,14 @@ spec:
externalGrafana: externalGrafana:
url: http://grafana.avril url: http://grafana.avril
fullnameOverride: "oncall-ovrd" # Without this, there are clashes between resources (ServiceAccounts, Secrets) that are similarly named between Oncall itself and the underlying Grafana templates. Also this needs to b e short otherwise the batch jobs created have names that are too long fullnameOverride: "oncall-ovrd" # Without this, there are clashes between resources (ServiceAccounts, Secrets) that are similarly named between Oncall itself and the underlying Grafana templates. Also this needs to b e short otherwise the batch jobs created have names that are too long
env: # env:
- name: FEATURE_TELEGRAM_INTEGRATION_ENABLED # - name: FEATURE_TELEGRAM_INTEGRATION_ENABLED
value: "true" # value: "true"
- name: TELEGRAM_WEBHOOK_HOST # - name: TELEGRAM_WEBHOOK_HOST
valueFrom: # valueFrom:
secretKeyRef: # secretKeyRef:
name: telegram-webhook-host-secret # name: telegram-webhook-host-secret
key: url # key: url
image: image:
tag: "v1.3.1-arm64-linux" tag: "v1.3.1-arm64-linux"
@ -278,11 +278,11 @@ spec:
repository: arm64v8/postgres repository: arm64v8/postgres
tag: 15.1 tag: 15.1
telegram: # telegram:
enabled: true # enabled: true
existingSecret: telegram-auth-secret # existingSecret: telegram-auth-secret
tokenKey: token # tokenKey: token
webhookUrl: https://oncall-grafana.scubbo.org # webhookUrl: https://oncall-grafana.scubbo.org
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
@ -384,4 +384,32 @@ spec:
prune: true prune: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: drone
namespace: argo
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://gitea.scubbo.org/scubbo/helm-charts.git
targetRevision: HEAD
path: charts/drone
helm:
valueFiles:
- values.yaml
destination:
server: "https://kubernetes.default.svc"
namespace: drone
syncPolicy:
automated:
prune: true
syncOptions:
- CreateNamespace=true

17
charts/drone/Chart.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v2
name: drone-scubbo
description: A personalized Helm chart to deploy Gitea to Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: drone
repository: https://charts.drone.io
version: "0.6.4"
alias: drone-server
- name: drone-runner-docker
repository: https://charts.drone.io
version: "0.6.1"
alias: drone-runner

13
charts/drone/README.md Normal file
View File

@ -0,0 +1,13 @@
TODO:
* Create the following in an initContainer if they don't exist:
* The Gitea OAuth application at startup
* The Prometheus user (https://cogarius.medium.com/3-3-complete-guide-to-ci-cd-pipelines-with-drone-io-on-kubernetes-drone-metrics-with-prometheus-c2668e42b03f) - probably by mounting the volume, using sqlite3 to parse out admin password, then using that to make API call
* Create `gitea_password` Organization Secret at init.
Create secret named `gitea-oauth-creds`, with keys `DRONE_GITEA_CLIENT_ID` and `DRONE_GITEA_CLIENT_SECRET`. Remember also to create an Organization Secret named `gitea_password` for pulling.
For MTU problem diagnosis:
https://github.com/gliderlabs/docker-alpine/issues/307#issuecomment-634852419
https://liejuntao001.medium.com/fix-docker-in-docker-network-issue-in-kubernetes-cc18c229d9e5

BIN
charts/drone/charts/drone-0.6.4.tgz Normal file
View File

Binary file not shown.

BIN
charts/drone/charts/drone-runner-docker-0.6.1.tgz Normal file
View File

Binary file not shown.

62
charts/drone/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "drone-scubbo.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "drone-scubbo.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "drone-scubbo.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "drone-scubbo.labels" -}}
helm.sh/chart: {{ include "drone-scubbo.chart" . }}
{{ include "drone-scubbo.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "drone-scubbo.selectorLabels" -}}
app.kubernetes.io/name: {{ include "drone-scubbo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "drone-scubbo.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "drone-scubbo.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

20
charts/drone/templates/rpc_secret.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- /*
https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918
*/}}
{{- if empty .Values.manualRPCSecretName }}
apiVersion: v1
kind: Secret
metadata:
name: "rpc-secret"
annotations:
"helm.sh/resource-policy": "keep"
type: Opaque
data:
# retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result
{{- $existing_secret := (lookup "v1" "Secret" .Release.Namespace "rpc-secret") | default dict }}
{{- $secretData := (get $existing_secret "data") | default dict }}
# set $secret to existing secret data or generate a random one when not exists
{{- $secret := (get $secretData "secret") | default (randAlphaNum 32 | b64enc) }}
# generate 32 chars long random string, base64 encode it and then double-quote the result string.
secret: {{ $secret | quote }}
{{- end }}

44
charts/drone/values.yaml Normal file
View File

@ -0,0 +1,44 @@
drone-server:
env:
DRONE_SERVER_HOST: drone.scubbo.org
DRONE_SERVER_PROTO: https
DRONE_RPC_SECRET: rpc-secret
DRONE_GITEA_SERVER: https://gitea.scubbo.org
extraSecretNamesForEnvFrom:
- gitea-oauth-creds
service:
port: 3500
persistentVolume:
storageClass: longhorn
drone-runner:
env:
DRONE_RPC_SECRET: rpc-secret
DRONE_RPC_HOST: drone-drone-server:3500 # This is the name of the service for the runner
DRONE_RUNNER_NETWORK_OPTS: "com.docker.network.driver.mtu:1450"
dind:
commandArgs:
- "--host"
- "tcp://localhost:2375"
- "--mtu=1450"
drone:
server: "drone.scubbo.org"
userCreateString: "username:scubbo,admin:true"
volume:
nfsServer: rassigma.avril
nfsPath: /mnt/BERTHA/drone
service:
type: ClusterIP
port: 3500
gitea:
server: https://gitea.scubbo.org
# Secret with keys `clientId` and `clientSecret`
oauthSecretName: gitea-oauth-creds
# Set this if you want to use an existing secret for the RPC
# secret (otherwise, a fresh one will be created if necessary)
manualRPCSecretName: ""