Bump drone to v2.0.7

charts/drone/v2.0.7/Chart.yaml

+apiVersion: v1
 name: drone
 home: https://drone.io/
-icon: https://drone.io/apple-touch-icon.png
-version: 1.7.4
-appVersion: 0.8.6
+icon: file://../drone.png
+version: 2.0.7
+appVersion: 1.2
 description: Drone is a Continuous Delivery system built on container technology
 keywords:
 - continuous-delivery
@@ -17,3 +18,7 @@ sources:
 maintainers:
 - name: christian-roggia
   email: christian.roggia@gmail.com
+- name: paulczar
+  email: username.taken@gmail.com
+- name: zakkg3
+  email: zakkg3@gmail.com

charts/drone/v2.0.7/OWNERS

 approvers:
 - christian-roggia
+- zakkg3
 reviewers:
 - christian-roggia
+- zakkg3

charts/drone/v2.0.7/app-readme.md

 # Drone.io
 
-[Drone](http://readme.drone.io/) is a Continuous Integration platform built on container technology.
+[Drone](http://readme.drone.io/) v1 is a Continuous Integration platform built on container technology with native Kubernetes support.
 
-## Installation
-If you are installing Drone this is the place to start. Choose you source code management system and we will guide you through a [basic installation](http://readme.drone.io/).
+## Installing the Chart
+Note: The chart will not install the drone server until you have configured a source control option. If this is the case it will print out notes on how to configure it in place using `helm upgrade`.
+
+In order to not expose your secrets in the Helm release, you can create the secrets upfront and select to use it. e.g,
+
+```console
+kubectl create secret generic drone-server-secrets \
+      --namespace=drone \
+      --from-literal=clientSecret="XXXXXXXXXXXXXXXXXXXXXXXX"
+```
+
+Reference the [drone doc](http://readme.drone.io/) for more details.
+
+**WARNING:**
+```
+It is not recommended to upgrade from earlier (appVersion 0.8.x) versions of Drone due to the large amount of breaking changes both in the product and in the helm charts.
+```

charts/drone/v2.0.7/questions.yml

+labels:
+  io.cattle.role: cluster # options are cluster/project
 categories:
 - CI/CD
 questions:
@@ -10,27 +12,27 @@ questions:
   group: "Container Images"
   subquestions:
   - variable: images.server.repository
-    default: "docker.io/drone/drone"
+    default: "ranchercharts/drone-drone"
     description: "Drone Server image name"
     type: string
     label: Drone Server Image Name
   - variable: images.server.tag
-    default: "0.8.6"
+    default: "1.2"
     description: "Drone Server image tag"
     type: string
     label: Drone Server Image Tag
   - variable: images.agent.repository
-    default: "docker.io/drone/agent"
+    default: "ranchercharts/drone-agent"
     description: "Drone Agent image name"
     type: string
     label: Drone Agent Image Name
   - variable: images.agent.tag
-    default: "0.8.6"
+    default: "1.2"
     description: "Drone Agent image tag"
     type: string
     label: Drone Agent Image Tag
   - variable: images.dind.repository
-    default: "docker.io/library/docker"
+    default: "ranchercharts/library-docker"
     description: "Drone Dind image name"
     type: string
     label: Drone Dind Image Name
@@ -39,7 +41,20 @@ questions:
     description: "Drone Dind image tag"
     type: string
     label: Drone Dind Image Tag
-- variable: server.env.DRONE_PROVIDER
+- variable: server.host
+  default: ""
+  type: string
+  description: "Set drone server host e.g drone.domain.io, if not set, it will be autofilled with the cluster host."
+  label: Drone Host Doamin
+  required: true
+  group: "Drone Settings"
+- variable: server.adminUser
+  default: ""
+  type: string
+  description: "Set to a valid oauth user from your git/oauth server."
+  label: Set Drone Admin User
+  group: "Drone Settings"
+- variable: sourceControl.provider
   default: "github"
   description: "Choose your server integrations"
   type: enum
@@ -47,99 +62,111 @@ questions:
   label: Drone Integration Server
   group: "Drone Settings"
   options:
-    - "github"
-    - "gitlab"
-    - "gitea"
-    - "gogs"
-    - "bitbucket"
-    - "coding"
-- variable: server.env.DRONE_GITHUB_CLIENT
+  - "github"
+  - "gitlab"
+  - "gitea"
+  - "gogs"
+  - "bitbucketCloud"
+  - "bitbucketServer"
+- variable: sourceControl.secret
+  default: ""
+  type: secret
+  description: "Name of an existing secret to get the drone provider secret values from."
+  label: Select the Existing Drone Provider Secret
+  group: "Drone Settings"
+# Github config
+- variable: sourceControl.github.clientID
   default: ""
-  description: "Github OAuth2 Client ID"
+  description: "Github oauth client ID"
   type: string
   required: true
-  label: Github OAuth2 Client ID
-  show_if: "server.env.DRONE_PROVIDER=github"
+  label: Github OAuth Client ID
+  show_if: "sourceControl.provider=github"
   group: "Drone Settings"
-- variable: server.env.DRONE_GITHUB_SECRET
+- variable: sourceControl.github.clientSecretValue
   default: ""
-  description: "Github oauth2 client secret"
+  description: "Github oauth client secret"
   type: string
   required: true
-  show_if: "server.env.DRONE_PROVIDER=github"
+  show_if: "sourceControl.provider=github&&sourceControl.secret="
   group: "Drone Settings"
-  label: Github OAuth2 Client Secret
-- variable: server.env.DRONE_GITLAB_CLIENT
+  label: Github OAuth Client Secret
+# Gitlab config
+- variable: sourceControl.gitlab.clientID
   default: ""
   description: "GitLab oauth2 client id"
   type: string
   required: true
   label: GitLab OAuth2 Client ID
-  show_if: "server.env.DRONE_PROVIDER=gitlab"
+  show_if: "sourceControl.provider=gitlab"
   group: "Drone Settings"
-- variable: server.env.DRONE_GITLAB_SECRET
+- variable: sourceControl.gitlab.server
   default: ""
-  description: "GitLab oauth2 client secret"
+  description: "GitLab Server Address"
   type: string
   required: true
-  label: GitLab OAuth2 Client Secret
-  show_if: "server.env.DRONE_PROVIDER=gitlab"
+  label: GitLab Server Address
+  show_if: "sourceControl.provider=gitlab"
   group: "Drone Settings"
-- variable: server.env.DRONE_GITLAB_URL
+- variable: sourceControl.gitlab.clientSecretValue
   default: ""
-  description: "GitLab Server Address"
+  description: "GitLab client secret"
   type: string
   required: true
-  label: GitLab Server Address
-  show_if: "server.env.DRONE_PROVIDER=gitlab"
+  label: GitLab Client Secret
+  show_if: "sourceControl.provider=gitlab&&sourceControl.secret="
   group: "Drone Settings"
-- variable: server.env.DRONE_GITEA_URL
+# Gitea config
+- variable: sourceControl.gitea.server
   default: ""
   description: "Gitea Server Address"
   type: string
   required: true
   label: Gitea Server Address
-  show_if: "server.env.DRONE_PROVIDER=gitea"
+  show_if: "sourceControl.provider=gitea"
   group: "Drone Settings"
-- variable: server.env.DRONE_GOGS_URL
+# Gogs config
+- variable: sourceControl.gogs.server
   default: ""
   description: "Gogs Server Address"
   type: string
   required: true
   label: Gogs Server Address
-  show_if: "server.env.DRONE_PROVIDER=gogs"
+  show_if: "sourceControl.provider=gogs"
   group: "Drone Settings"
-- variable: server.env.DRONE_BITBUCKET_CLIENT
+# BitbucketCloud config
+- variable: sourceControl.bitbucketCloud.clientID
   default: ""
-  description: "Bitbucket oauth2 client id"
+  description: "Bitbucket cloud oauth2 client id"
   type: string
   required: true
-  label: Bitbucket OAuth2 Client ID
-  show_if: "server.env.DRONE_PROVIDER=bitbucket"
+  label: Bitbucket Cloud OAuth2 Client ID
+  show_if: "sourceControl.provider=bitbucketCloud"
   group: "Drone Settings"
-- variable: server.env.DRONE_BITBUCKET_SECRET
+- variable: sourceControl.bitbucketCloud.clientSecretValue
   default: ""
-  description: "Bitbucket oauth2 client secret"
+  description: "Bitbucket cloud client secret"
   type: string
   required: true
-  label: Bitbucket OAuth2 Client Secret
-  show_if: "server.env.DRONE_PROVIDER=bitbucket"
+  label: Bitbucket Cloud Client Secret
+  show_if: "sourceControl.provider=bitbucketCloud&&sourceControl.secret="
   group: "Drone Settings"
-- variable: server.env.DRONE_CODING_CLIENT
+# BitbucketServer config
+- variable: sourceControl.bitbucketServer.server
   default: ""
-  description: "Coding oauth2 client id"
+  description: "Bitbucket Server Address"
   type: string
   required: true
-  label: Coding OAuth2 Client ID
-  show_if: "server.env.DRONE_PROVIDER=coding"
+  label: Bitbucket Server Address
+  show_if: "sourceControl.provider=bitbucketServer"
   group: "Drone Settings"
-- variable: server.env.DRONE_CODING_SECRET
+- variable: sourceControl.bitbucketServer.username
   default: ""
-  description: "Coding oauth2 client secret"
+  description: "Bitbucket server username"
   type: string
   required: true
-  label: Coding OAuth2 Client Secret
-  show_if: "server.env.DRONE_PROVIDER=coding"
+  label: Bitbucket Server Username
+  show_if: "sourceControl.provider=bitbucketCloud"
   group: "Drone Settings"
 # persistent setting
 - variable: persistence.enabled
@@ -166,6 +193,36 @@ questions:
     description: "If not empty, uses the specified existing PVC instead of creating new one"
     type: pvc
     label: Uses Existing Persistent Volume Cliam
+- variable: server.env.DRONE_LOGS_DEBUG
+  default: "false"
+  type: enum
+  description: "The default log level is INFO. You can enable more detailed debug logging with the following configuration parameter."
+  label: Enable Drone Server Debugging Logs
+  group: "Drone Settings"
+  options:
+  - "false"
+  - "true"
+# database setting
+- variable: server.env.DRONE_DATABASE_DRIVER
+  default: "sqlite3"
+  description: "Drone requires the use of a database backend for persistence. Drone uses an embedded sqlite database by default"
+  type: enum
+  required: true
+  label: Select Drone Databse Driver
+  group: "Database Settings"
+  options:
+  - "sqlite3"
+  - "postgres"
+  - "mysql"
+- variable: server.env.DRONE_DATABASE_DATASOURCE
+  default: ""
+  description: "Specify Drone database datasource, e.g., postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable"
+  type: string
+  required: true
+  label: Drone Database Datasource
+  show_if: "server.env.DRONE_DATABASE_DRIVER!=sqlite3"
+  group: "Database Settings"
+# service & LB settings
 - variable: ingress.enabled
   default: false
   description: "Expose app using Layer 7 Load Balancer - ingress"

charts/drone/v2.0.7/templates/NOTES.txt

-{{- if hasKey .Values.server.env "DRONE_PROVIDER" }}
+{{- if eq (include "drone.providerOK" .) "true" }}
 *********************************************************************************
 ***        PLEASE BE PATIENT: drone may take a few minutes to install         ***
 *********************************************************************************
@@ -6,7 +6,7 @@
 {{- if .Values.ingress.enabled }}
 From outside the cluster, the server URL(s) are:
 {{- range .Values.ingress.hosts }}
-     http://{{ . }}
+     {{ $.Values.server.protocol }}://{{ . }}
 {{- end }}
 
 {{- else if contains "NodePort" .Values.service.type }}
@@ -29,7 +29,7 @@ Get the Drone URL by running:
 Get the Drone URL by running:
   export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "component=server,app={{ template "drone.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   echo http://127.0.0.1:8000/
-  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8000:8000
+  kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8000:80
 {{- end }}
 {{- else -}}
 ##############################################################################
@@ -41,15 +41,13 @@ control provider:
 
     kubectl create secret generic drone-server-secrets \
       --namespace={{ .Release.Namespace }} \
-      --from-literal=DRONE_GITHUB_SECRET="github-oauth2-client-secret"
+      --from-literal=clientSecret="github-oauth2-client-secret"
 
     helm upgrade {{ .Release.Name }} \
       --reuse-values \
-      --set 'server.env.DRONE_PROVIDER="github"' \
-      --set 'server.env.DRONE_GITHUB="true"' \
-      --set 'server.env.DRONE_ORGS="my-github-org"' \
-      --set 'server.env.DRONE_GITHUB_CLIENT="github-oauth2-client-id"' \
-      --set 'server.envSecrets.drone-server-secrets[0]=DRONE_GITHUB_SECRET' \
+      --set 'sourceControl.provider=github' \
+      --set 'sourceControl.github.clientID=github-oauth2-client-id' \
+      --set 'sourceControl.secret=drone-server-secrets' \
       stable/drone
 
 Currently supported providers:
@@ -60,10 +58,22 @@ Currently supported providers:
     - Gogs
     - Bitbucket Cloud
     - Bitbucket Server (Stash)
-    - Coding
+
+See the values.yaml file to see what values are required for each provider.
 
 If you are having trouble with the configuration of a provider please visit
 the official documentation:
 
     http://docs.drone.io/installation/
 {{- end }}
+
+{{ if not .Values.server.kubernetes.enabled }}
+##############################################################################
+####  WARNING: running drone in kubernetes with legacy pipeline execution ####
+##############################################################################
+
+By setting `server.kubernetes.enabled=false` you've disabled kubernetes
+pipelines and are instead using the legacy agent method which utilizes
+either docker-in-docker or host mounting in the docker socket. This is
+not recommended due to the additional security concerns.
+{{- end }}

charts/drone/v2.0.7/templates/_helpers.tpl

@@ -25,18 +25,25 @@ Create the name of the service account to use
 {{- end -}}
 {{- end -}}
 
-{{- define "drone.server.provider" -}}
-{{- if eq .Values.server.env.DRONE_PROVIDER "github" -}}
-{{- print "DRONE_GITHUB" -}}
-{{- else if eq .Values.server.env.DRONE_PROVIDER "gitlab" -}}
-{{- print "DRONE_GITLAB" -}}
-{{- else if eq .Values.server.env.DRONE_PROVIDER "gitea" -}}
-{{- print "DRONE_GITEA" -}}
-{{- else if eq .Values.server.env.DRONE_PROVIDER "gogs" -}}
-{{- print "DRONE_GOGS" -}}
-{{- else if eq .Values.server.env.DRONE_PROVIDER "bitbucket" -}}
-{{- print "DRONE_BITBUCKET" -}}
-{{- else if eq .Values.server.env.DRONE_PROVIDER "coding" -}}
-{{- print "DRONE_CODING" -}}
+{{/*
+Create the name of the secret for source control
+*/}}
+{{- define "drone.sourceControlSecret" -}}
+{{- if .Values.sourceControl.secret -}}
+    {{ printf "%s" .Values.sourceControl.secret }}
+{{- else -}}
+    {{ printf "%s-%s" (include "drone.fullname" .) "source-control" | trunc 63 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use for kubernetes pipelines
+*/}}
+{{- define "drone.pipelineServiceAccount" -}}
+{{- if .Values.serviceAccount.create -}}
+  {{- $psa := printf "%s-%s" (include "drone.serviceAccountName" .) "pipeline" | trunc 63 -}}
+  {{ default $psa .Values.server.kubernetes.pipelineServiceAccount }}
+{{- else -}}
+  {{ default "default" .Values.server.kubernetes.pipelineServiceAccount }}
 {{- end -}}
 {{- end -}}

charts/drone/v2.0.7/templates/_provider-envs.yaml

+{{- define "drone.providerEnvs" -}}
+{{- if eq .Values.sourceControl.provider "github" -}}
+          - name: DRONE_GITHUB_CLIENT_ID
+            value: {{ .Values.sourceControl.github.clientID }}
+          - name: DRONE_GITHUB_SERVER
+            value: {{ .Values.sourceControl.github.server }}
+          - name: DRONE_GITHUB_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "drone.sourceControlSecret" . }}
+                key: {{ .Values.sourceControl.github.clientSecretKey }}
+{{- end -}}
+{{- if eq .Values.sourceControl.provider "gitlab" -}}
+          - name: DRONE_GITLAB_CLIENT_ID
+            value: {{ .Values.sourceControl.gitlab.clientID }}
+          - name: DRONE_GITLAB_SERVER
+            value: {{ .Values.sourceControl.gitlab.server }}
+          - name: DRONE_GITLAB_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "drone.sourceControlSecret" . }}
+                key: {{ .Values.sourceControl.gitlab.clientSecretKey }}
+{{- end -}}
+{{- if eq .Values.sourceControl.provider "gitea" -}}
+          - name: DRONE_GITEA_SERVER
+            value: {{ .Values.sourceControl.gitea.server }}
+{{- end -}}
+{{- if eq .Values.sourceControl.provider "gogs" -}}
+          - name: DRONE_GOGS_SERVER
+            value: {{ .Values.sourceControl.gogs.server }}
+{{- end -}}
+{{- if eq .Values.sourceControl.provider "bitbucketCloud" -}}
+          - name: DRONE_BITBUCKET_CLIENT_ID
+            value: {{ .Values.sourceControl.bitbucketCloud.clientID }}
+          - name: DRONE_BITBUCKET_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "drone.sourceControlSecret" . }}
+                key: {{ .Values.sourceControl.bitbucketCloud.clientSecretKey }}
+{{- end -}}
+{{- if eq .Values.sourceControl.provider "bitbucketServer" -}}
+          - name: DRONE_STASH_SERVER
+            value: {{ .Values.sourceControl.bitbucketServer.server }}
+          - name: DRONE_GIT_USERNAME
+            value: {{ .Values.sourceControl.bitbucketServer.username }}
+          - name: DRONE_GIT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "drone.sourceControlSecret" . }}
+                key: {{ .Values.sourceControl.bitbucketServer.passwordKey }}
+          - name: DRONE_STASH_CONSUMER_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "drone.sourceControlSecret" . }}
+                key: {{ .Values.sourceControl.bitbucketServer.consumerKey }}
+          - name: DRONE_STASH_PRIVATE_KEY
+            value: /etc/bitbucket/key.pem
+{{- end -}}
+{{- end -}}
+
+{{/*
+Check if a valid source control provider has been set
+*/}}
+{{- define "drone.providerOK" -}}
+{{- if .Values.sourceControl.provider -}}
+  {{- if eq .Values.sourceControl.provider "github" -}}
+    {{- if and .Values.sourceControl.github.server .Values.sourceControl.github.clientID -}}
+      true
+    {{- end -}}
+  {{- else if eq .Values.sourceControl.provider "gitlab" -}}
+    {{- if and .Values.sourceControl.gitlab.server .Values.sourceControl.gitlab.clientID -}}
+      true
+    {{- end -}}
+  {{- else if eq .Values.sourceControl.provider "gitea" -}}
+    {{- if .Values.sourceControl.gitea.server -}}
+      true
+    {{- end -}}
+  {{- else if eq .Values.sourceControl.provider "gogs" -}}
+    {{- if .Values.sourceControl.gogs.server -}}
+      true
+    {{- end -}}
+  {{- else if eq .Values.sourceControl.provider "bitbucketCloud" -}}
+    {{- if .Values.sourceControl.bitbucketCloud.clientID -}}
+      true
+    {{- end -}}
+  {{- else if eq .Values.sourceControl.provider "bitbucketServer" -}}
+    {{- if and .Values.sourceControl.bitbucketServer.server .Values.sourceControl.bitbucketServer.username -}}
+      true
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/drone/v2.0.7/templates/deployment-agent.yaml

-apiVersion: extensions/v1beta1
+{{- if not .Values.server.kubernetes.enabled -}}
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "drone.fullname" . }}-agent
@@ -10,6 +11,11 @@ metadata:
     component: agent
 spec:
   replicas: {{ .Values.agent.replicas }}
+  selector:
+    matchLabels:
+      app: {{ template "drone.name" . }}
+      release: "{{ .Release.Name }}"
+      component: agent
   template:
     metadata:
       annotations:
@@ -33,9 +39,13 @@ spec:
       nodeSelector:
 {{ toYaml .Values.agent.nodeSelector | indent 8 }}
 {{- end }}
+{{- with .Values.agent.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 6 }}
+{{- end }}
       serviceAccountName: {{ template "drone.serviceAccountName" . }}
       containers:
-      - name: {{ template "drone.fullname" . }}-agent
+      - name: agent
         image: "{{ .Values.images.agent.repository }}:{{ .Values.images.agent.tag }}"
         imagePullPolicy: {{ .Values.images.agent.pullPolicy }}
         ports:
@@ -43,9 +53,9 @@ spec:
           containerPort: 3000
           protocol: TCP
         env:
-          - name: DRONE_SERVER
-            value: {{ template "drone.fullname" . }}:9000
-          - name: DRONE_SECRET
+          - name: DRONE_RPC_SERVER
+            value: http://{{ template "drone.fullname" . }}
+          - name: DRONE_RPC_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ template "drone.fullname" . }}
@@ -58,28 +68,6 @@ spec:
           - name: {{ $key }}
             value: {{ $value | quote }}
           {{- end }}
-{{- if .Values.agent.livenessProbe.enabled }}
-        livenessProbe:
-          httpGet:
-            path: "/healthz"
-            port: http
-          initialDelaySeconds: {{ .Values.agent.livenessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.agent.livenessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.agent.livenessProbe.timeoutSeconds }}
-          successThreshold: {{ .Values.agent.livenessProbe.successThreshold }}
-          failureThreshold: {{ .Values.agent.livenessProbe.failureThreshold }}
-{{- end }}
-{{- if .Values.agent.readinessProbe.enabled }}
-        readinessProbe:
-          httpGet:
-            path: "/healthz"
-            port: http
-          initialDelaySeconds: {{ .Values.agent.readinessProbe.initialDelaySeconds }}
-          periodSeconds: {{ .Values.agent.readinessProbe.periodSeconds }}
-          timeoutSeconds: {{ .Values.agent.readinessProbe.timeoutSeconds }}
-          successThreshold: {{ .Values.agent.readinessProbe.successThreshold }}
-          failureThreshold: {{ .Values.agent.readinessProbe.failureThreshold }}
-{{- end }}
         resources:
 {{ toYaml .Values.agent.resources | indent 10 }}
 {{- if not .Values.dind.enabled }}
@@ -88,12 +76,19 @@ spec:
         volumeMounts:
           - mountPath: /var/run/docker.sock
             name: docker-socket
+      {{- with .Values.agent.volumeMounts }}
+          {{- toYaml . | nindent 10 }}
+      {{- end }}
       volumes:
         - name: docker-socket
           hostPath:
             path: /var/run/docker.sock
 {{- else }}
-      - name: {{ template "drone.fullname" . }}-dind
+      {{- with .Values.agent.volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 10 }}
+      {{- end }}
+      - name: dind
         image: "{{ .Values.images.dind.repository }}:{{ .Values.images.dind.tag }}"
         imagePullPolicy: {{ .Values.images.dind.pullPolicy }}
 {{- if .Values.dind.command }}
@@ -116,7 +111,14 @@ spec:
         volumeMounts:
           - name: docker-graph-storage
             mountPath: /var/lib/docker
+      {{- with .Values.dind.volumeMounts }}
+          {{- toYaml . | nindent 10 }}
+      {{- end }}
       volumes:
       - name: docker-graph-storage
         emptyDir: {}
 {{- end }}
+    {{- with .Values.agent.volumes }}
+        {{- toYaml . | nindent 6 }}
+    {{- end }}
+{{- end -}}

charts/drone/v2.0.7/templates/deployment-server.yaml

-{{- if hasKey .Values.server.env "DRONE_PROVIDER" }}
-apiVersion: extensions/v1beta1
+{{- if eq (include "drone.providerOK" .) "true" }}
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "drone.fullname" . }}-server
@@ -11,6 +11,11 @@ metadata:
     component: server
 spec:
   replicas: 1
+  selector:
+    matchLabels:
+      app: {{ template "drone.name" . }}
+      release: "{{ .Release.Name }}"
+      component: server
   template:
     metadata:
       annotations:
@@ -38,15 +43,46 @@ spec:
       nodeSelector:
 {{ toYaml .Values.server.nodeSelector | indent 8 }}
 {{- end }}
+{{- with .Values.server.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 6 }}
+{{- end }}
       serviceAccountName: {{ template "drone.serviceAccountName" . }}
       containers:
-      - name: {{ template "drone.fullname" . }}-server
+      - name: server
         image: "{{ .Values.images.server.repository }}:{{ .Values.images.server.tag }}"
         imagePullPolicy: {{ .Values.images.server.pullPolicy }}
         env:
-          - name: {{ template "drone.server.provider" . }}
+        {{- if .Values.server.kubernetes.enabled }}
+          - name: DRONE_KUBERNETES_ENABLED
+            value: "true"
+          - name: DRONE_KUBERNETES_NAMESPACE
+            value: {{ default .Release.Namespace .Values.server.kubernetes.namespace }}
+          - name: DRONE_KUBERNETES_SERVICE_ACCOUNT
+            value: {{ template "drone.pipelineServiceAccount" . }}
+        {{- else }}
+          - name: DRONE_AGENTS_ENABLED
             value: "true"
-          - name: DRONE_SECRET
+        {{- end }}
+          - name: DRONE_GIT_ALWAYS_AUTH
+            value: {{ .Values.server.alwaysAuth | quote }}
+          - name: DRONE_SERVER_HOST
+          {{- if hasKey .Values.server "host" }}
+            value: "{{ .Values.server.host }}"
+          {{- else }}
+            value: "{{ template "drone.fullname" . }}"
+          {{- end }}
+          - name: DRONE_RPC_PROTO
+            value: "{{ .Values.server.rpcProtocol }}"
+          - name: DRONE_RPC_HOST
+            value: {{ template "drone.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.httpPort }}
+          - name: DRONE_SERVER_PROTO
+            value: {{ .Values.server.protocol }}
+          {{- if .Values.server.adminUser }}
+          - name: DRONE_USER_CREATE
+            value: username:{{ .Values.server.adminUser }},machine:false,admin:true
+          {{- end }}
+          - name: DRONE_RPC_SECRET
             valueFrom:
               secretKeyRef:
                 name: {{ template "drone.fullname" . }}
@@ -60,21 +96,17 @@ spec:
                 key: {{ . | quote }}
           {{- end }}
           {{- end }}
-          - name: DRONE_HOST
-          {{- if hasKey .Values.server "host" }}
-            value: "{{ .Values.server.host }}"
-          {{- else }}
-            value: "http://{{ template "drone.fullname" . }}"
-          {{- end }}
           {{- range $key, $value := .Values.server.env }}
-          {{- if $value }}
           - name: {{ $key }}
             value: {{ $value | quote }}
           {{- end }}
-          {{- end }}
+          {{ template "drone.providerEnvs" . }}
         ports:
         - name: http
-          containerPort: 8000
+          containerPort: 80
+          protocol: TCP
+        - name: https
+          containerPort: 443
           protocol: TCP
         - name: grpc
           containerPort: 9000
@@ -86,12 +118,25 @@ spec:
         resources:
 {{ toYaml .Values.server.resources | indent 10 }}
         volumeMounts:
-          - name: data
-            mountPath: /var/lib/drone
+        {{ if eq .Values.sourceControl.provider "bitbucketServer" -}}
+        - name: bitbucket-private-key
+          mountPath: /etc/bitbucket
+          readOnly: true
+        {{ end }}
+        - name: data
+          mountPath: /var/lib/drone
 {{- with .Values.server.extraContainers }}
 {{ tpl . $ | indent 6 }}
 {{- end }}
       volumes:
+      {{ if eq .Values.sourceControl.provider "bitbucketServer" -}}
+      - name: bitbucket-private-key
+        secret:
+          secretName: {{ template "drone.sourceControlSecret" . }}
+          items:
+            - key: {{ .Values.sourceControl.bitbucketServer.privateKey }}
+              path: key.pem
+      {{ end -}}
       - name: data
       {{- if .Values.persistence.enabled }}
         persistentVolumeClaim:

charts/drone/v2.0.7/templates/ingress.yaml

@@ -20,13 +20,15 @@ spec:
     - host: {{ . }}
       http:
         paths:
-        {{- if index $.Values.ingress "annotations" }}
-          {{- if eq (index $.Values.ingress.annotations "kubernetes.io/ingress.class" | default "") "gce" "alb" }}
+        {{- if $.Values.ingress.path }}
+          - path: {{ $.Values.ingress.path }}
+        {{- else if index $.Values.ingress "annotations" }}
+          {{- if eq (index $.Values.ingress.annotations "kubernetes.io/ingress.class" | default "") "gce" "alb" "istio" }}
           - path: /*
-          {{- else }}{{/* Has annotations but ingress class is not "gce" nor "alb" */}}
+          {{- else }}{{/* Has annotations but ingress class is not "gce" nor "alb" nor "istio" */}}
           - path: /
           {{- end }}
-        {{- else}}{{/* Has no annotations */}}
+        {{- else }}{{/* Has no annotations */}}
           - path: /
         {{- end }}
             backend:

charts/drone/v2.0.7/templates/namespace-pipeline.yaml

+{{- if hasKey .Values.server.kubernetes "namespace" -}}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.server.kubernetes.namespace }}
+  labels:
+    app: {{ template "drone.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    component: server
+{{- end -}}

charts/drone/v2.0.7/templates/role-binding-pipeline.yaml

+{{- if and .Values.rbac.create .Values.server.kubernetes.enabled -}}
+apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "drone.fullname" . }}-pipeline
+  labels:
+    app: {{ template "drone.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "drone.pipelineServiceAccount" . }}
+    namespace: {{ default .Release.Namespace .Values.server.kubernetes.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "drone.fullname" . }}-pipeline
+  apiGroup: rbac.authorization.k8s.io
+{{- end -}}

charts/drone/v2.0.7/templates/role-pipeline.yaml

+{{- if and .Values.rbac.create .Values.server.kubernetes.enabled -}}
+apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
+kind: ClusterRole
+metadata:
+  name: {{ template "drone.fullname" . }}-pipeline
+  labels:
+    app: {{ template "drone.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+rules:
+  - apiGroups:
+      - extensions
+    resources:
+      - deployments
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - configmaps
+      - secrets
+      - pods
+      - services
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods/log
+    verbs:
+      - get
+{{ end }}

charts/drone/v2.0.7/templates/role.yaml

@@ -10,6 +10,12 @@ metadata:
     heritage: "{{ .Release.Service }}"
 rules:
   - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - "*"
+  - apiGroups:
       - extensions
     resources:
       - deployments

charts/drone/v2.0.7/templates/secrets.yaml

@@ -14,3 +14,26 @@ data:
   {{ else }}
   secret: "{{ randAlphaNum 24 | b64enc }}"
   {{ end }}
+---
+{{- if not .Values.sourceControl.secret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "drone.sourceControlSecret" . }}
+  labels:
+    app: {{ template "drone.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  {{if .Values.sourceControl.provider}}
+  {{ if eq .Values.sourceControl.provider "github" }}
+  {{ .Values.sourceControl.github.clientSecretKey }}: {{ .Values.sourceControl.github.clientSecretValue | b64enc | quote }}
+  {{- else if  eq .Values.sourceControl.provider "gitlab" -}}
+  {{ .Values.sourceControl.gitlab.clientSecretKey }}: {{ .Values.sourceControl.gitlab.clientSecretValue | b64enc | quote }}
+  {{- else if eq .Values.sourceControl.provider "bitbucketCloud" -}}
+  {{ .Values.sourceControl.bitbucketCloud.clientSecretKey }}: {{ .Values.sourceControl.bitbucketCloud.clientSecretValue | b64enc | quote }}
+  {{ end }}
+  {{ end }}
+{{- end -}}

charts/drone/v2.0.7/templates/service-account-pipeline.yaml

+{{ if and .Values.serviceAccount.create .Values.server.kubernetes.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "drone.pipelineServiceAccount" . }}
+  namespace: {{ default .Release.Namespace .Values.server.kubernetes.namespace }}
+  labels:
+    app: {{ template "drone.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+{{ end }}

charts/drone/v2.0.7/templates/service.yaml

@@ -13,16 +13,21 @@ metadata:
     heritage: "{{ .Release.Service }}"
 spec:
   type: {{ .Values.service.type }}
+  {{- if and (hasKey .Values.service "loadBalancerIP") (eq .Values.service.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
   ports:
   - name: http
     port: {{ .Values.service.httpPort }}
-    targetPort: 8000
+    targetPort: 80
 {{- if hasKey .Values.service "nodePort" }}
     nodePort: {{ .Values.service.nodePort }}
 {{- end }}
+{{- if .Values.service.exposeGRPC }}
   - name: grpc
     port: 9000
     targetPort: 9000
+{{- end }}
   selector:
     app: {{ template "drone.name" . }}
     release: {{ .Release.Name | quote }}

charts/drone/v2.0.7/values.yaml

-appVersion: "0.8.6"
-
 images:
   ## The official drone (server) image, change tag to use a different version.
   ## ref: https://hub.docker.com/r/drone/drone/tags/
   ##
   server:
-    repository: "docker.io/drone/drone"
-    tag: 0.8.6
+    # repository: "docker.io/drone/drone"
+    repository: "ranchercharts/drone-drone"
+    tag: 1.2
     pullPolicy: IfNotPresent
 
   ## The official drone (agent) image, change tag to use a different version.
   ## ref: https://hub.docker.com/r/drone/agent/tags/
   ##
   agent:
-    repository: "docker.io/drone/agent"
-    tag: 0.8.6
+    # repository: "docker.io/drone/agent"
+    repository: "ranchercharts/drone-agent"
+    tag: 1.2
     pullPolicy: IfNotPresent
 
   ## The official docker (dind) image, change tag to use a different version.
   ## ref: https://hub.docker.com/r/library/docker/tags/
   ##
   dind:
-    repository: "docker.io/library/docker"
+    # repository: "docker.io/library/docker"
+    repository: "ranchercharts/library-docker"
     tag: 18.06.1-ce-dind
     pullPolicy: IfNotPresent
 
@@ -35,7 +36,10 @@ service:
 
   ## Service type can be set to ClusterIP, NodePort or LoadBalancer.
   ##
-  type: NodePort
+  type: ClusterIP
+
+  ## Specify a load balancer IP address to use if your provider supports it.
+  # loadBalancerIP:
 
   ## Drone Service annotations
   ##
@@ -44,6 +48,9 @@ service:
   #   service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:xx-xxxx-x:xxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
   #   external-dns.alpha.kubernetes.io/hostname: drone.domain.tld.
 
+  ## set to true if you want to expose drone's GRPC via the service (for external access)
+  exposeGRPC: false
+
 ingress:
   ## If true, Drone Ingress will be created.
   ##
@@ -68,32 +75,89 @@ ingress:
   #     hosts:
   #       - drone.domain.io
 
+sourceControl:
+  ## your source control provider: github,gitlab,gitea,gogs,bitbucketCloud,bitbucketServer
+  provider:
+  ## secret containing your source control provider secrets, keys provided below.
+  ## if left blank will assume a secret based on the release name of the chart.
+  secret:
+  ## Fill in the correct values for your chosen source control provider
+  ## Any key in this list with the suffix `Key` will be fetched from the
+  ## secret named above, if not provided the secret it will be created as
+  ## `<fullName>-source-control` using for the key "ClientSecretKey" and
+  # "clientSecretValue" for the value. Be awere to not leak shis file with your password
+  github:
+    clientID:
+    clientSecretKey: clientSecret
+    clientSecretValue:
+    server: https://github.com
+  gitlab:
+    clientID:
+    clientSecretKey: clientSecret
+    clientSecretValue:
+    server:
+  gitea:
+    server:
+  gogs:
+    server:
+  bitbucketCloud:
+    clientID:
+    clientSecretKey: clientSecret
+    clientSecretValue:
+  bitbucketServer:
+    server:
+    consumerKey: consumerKey
+    privateKey: privateKey
+    username:
+    passwordKey: password
+
 server:
   ## If not set, it will be autofilled with the cluster host.
-  ## Host must be in "<scheme>://<hostname>" format.
+  ## Host shoud be just the hostname.
   ##
-  # host: "https://drone.domain.io"
+  # host: "drone.domain.io"
+
+  ## protocol should be http or https
+  protocol: http
+
+  ## rpcProtocol for rpc connection to the server should be http or https
+  rpcProtocol: http
+
+  ## Initial admin user
+  ## Leaving this blank may make it impossible to log into drone.
+  ## Set to a valid oauth user from your git/oauth server
+  ## For more complex user creation you can use env variables below instead.
+  adminUser:
+
+  ## Configures Drone to authenticate when cloning public repositories. This is only required
+  ## when your source code management system (e.g. GitHub Enterprise) has private mode enabled.
+  alwaysAuth: false
+
+  ## Configures drone to use kubernetes to run pipelines rather than agents, if enabled
+  ## will not deploy any agents.
+  kubernetes:
+    ## set to true if you want drone to use kubernetes to run pipelines
+    enabled: true
+    ## you can run pipeline jobs in another namespace, if you choose to do this
+    ## you'll need to create that namespace manually.
+    # namespace:
+
+    ## alternative service account to create to create drone pipelines. this account
+    ## will be given cluster-admin rights.
+    ## if not set the rights will be given to the default drone service account name.
+    # pipelineServiceAccount:
 
   ## Drone server configuration.
   ## Values in here get injected as environment variables.
-  ## ref: http://readme.drone.io/admin/installation-reference
+  ## You can set up remote database servers etc using environment
+  ## variables.
+  ## ref: https://docs.drone.io/reference/server/
   ##
   env:
-    DRONE_DEBUG: "false"
+    DRONE_LOGS_DEBUG: "false"
     DRONE_DATABASE_DRIVER: "sqlite3"
     DRONE_DATABASE_DATASOURCE: "/var/lib/drone/drone.sqlite"
 
-    ## Drone requires some environment variables to bootstrap the
-    ## git service or it won't start up.
-    ## Uncomment this and add your own custom configuration.
-    ##
-    # DRONE_PROVIDER: "github"
-    DRONE_OPEN: "true"
-    # DRONE_GITHUB: "true"
-    # DRONE_ORGS: "my-github-org,my-other-github-org"
-    # DRONE_ADMIN:"admin-1,admin-2"
-    # DRONE_GITHUB_CLIENT: "github-oauth2-client-id"
-
   ## Secret environment variables are configured in `server.envSecrets`.
   ## Each item in `server.envSecrets` references a Kubernetes Secret.
   ## These Secrets should be created before they are referenced.
@@ -134,6 +198,11 @@ server:
   ##
   nodeSelector: {}
 
+  ## Node taints to tolerate
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
   ## additional siecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy.
   ## ex: https://github.com/kubernetes/charts/tree/master/stable/keycloak
   ##
@@ -146,10 +215,10 @@ server:
 agent:
   ## Drone agent configuration.
   ## Values in here get injected as environment variables.
-  ## ref: http://readme.drone.io/admin/installation-reference
+  ## ref: https://docs.drone.io/reference/agent/
   ##
   env:
-    DRONE_DEBUG: "false"
+    DRONE_LOGS_DEBUG: "false"
 
   ## Number of drone agent replicas
   replicas: 1
@@ -159,6 +228,34 @@ agent:
   ##
   annotations: {}
 
+  ## Additional volumes e.g. for shared caching between agents on different nodes or
+  ## shared cache between agents on the same node when using dind or
+  ## for a global docker login config as per
+  ## Option 2 ref: https://discourse.drone.io/t/how-to-pull-private-images-with-1-0/3155
+  ## Note: Option 2 also requires DRONE_DOCKER_CONFIG: /root/.docker/config.json env var in agent
+  ## NB: This will make the credentials available globally to all builds and all repositories
+  # volumes:
+  # - name: docker-config
+  #   secret:
+  #     defaultMode: 420
+  #     items:
+  #     - key: .dockerconfigjson
+  #       path: config.json
+  #     secretName: drone-docker-config
+  # - name: persistent-data
+  #   persistentVolumeClaim:
+  #     claimName: drone-agent-pvc
+  # - name: cache
+  #   hostPath:
+  #     path: /drone-cache
+  #     type: Directory
+
+  ## Volume mount into agent container
+  # volumeMounts:
+  # - name: docker-config
+  #   mountPath: /root/.docker
+  #   readOnly: true
+
   ## CPU and memory limits for drone agent
   ##
   resources: {}
@@ -171,20 +268,9 @@ agent:
 
   ## Liveness and readiness probe values
   ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-  livenessProbe:
-    enabled: true
-    failureThreshold: 3
-    initialDelaySeconds: 0
-    periodSeconds: 10
-    successThreshold: 1
-    timeoutSeconds: 1
-  readinessProbe:
-    enabled: true
-    failureThreshold: 3
-    initialDelaySeconds: 0
-    periodSeconds: 10
-    successThreshold: 1
-    timeoutSeconds: 1
+  ## drone agent does not currently have a health endpoint to check against.
+  livenessProbe: {}
+  readinessProbe: {}
 
   ## Use an alternate scheduler, e.g. "stork".
   ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
@@ -201,6 +287,11 @@ agent:
   ##
   nodeSelector: {}
 
+  ## Node taints to tolerate
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+
 dind:
   ## Enable or disable DinD
   ## If disabled, the drone agent will spawn docker containers on the host. Pay
@@ -226,6 +317,15 @@ dind:
   ##
   driver: overlay2
 
+  ## Volume mount into dind container
+  ## Volumes are defined under agent values.
+  # volumeMounts:
+  # - mountPath: /root/.docker
+  #   name: docker-config
+  #   readOnly: true
+  # - name: persistent-data
+  #   mountPath: /mnt/drone-cache
+
   ## CPU and memory limits for dind
   ##
   resources: {}