Commit 04cf311b by Guangbo Chen Committed by Denise Schannon

Bump drone to v2.0.7

parent ea450458
apiVersion: v1
name: drone
home: https://drone.io/
icon: https://drone.io/apple-touch-icon.png
version: 1.7.4
appVersion: 0.8.6
icon: file://../drone.png
version: 2.0.7
appVersion: 1.2
description: Drone is a Continuous Delivery system built on container technology
keywords:
- continuous-delivery
......@@ -17,3 +18,7 @@ sources:
maintainers:
- name: christian-roggia
email: christian.roggia@gmail.com
- name: paulczar
email: username.taken@gmail.com
- name: zakkg3
email: zakkg3@gmail.com
approvers:
- christian-roggia
- zakkg3
reviewers:
- christian-roggia
- zakkg3
# Drone.io
[Drone](http://readme.drone.io/) is a Continuous Integration platform built on container technology.
[Drone](http://readme.drone.io/) v1 is a Continuous Integration platform built on container technology with native Kubernetes support.
## Installation
If you are installing Drone this is the place to start. Choose you source code management system and we will guide you through a [basic installation](http://readme.drone.io/).
## Installing the Chart
Note: The chart will not install the drone server until you have configured a source control option. If this is the case it will print out notes on how to configure it in place using `helm upgrade`.
In order to not expose your secrets in the Helm release, you can create the secrets upfront and select to use it. e.g,
```console
kubectl create secret generic drone-server-secrets \
--namespace=drone \
--from-literal=clientSecret="XXXXXXXXXXXXXXXXXXXXXXXX"
```
Reference the [drone doc](http://readme.drone.io/) for more details.
**WARNING:**
```
It is not recommended to upgrade from earlier (appVersion 0.8.x) versions of Drone due to the large amount of breaking changes both in the product and in the helm charts.
```
labels:
io.cattle.role: cluster # options are cluster/project
categories:
- CI/CD
questions:
......@@ -10,27 +12,27 @@ questions:
group: "Container Images"
subquestions:
- variable: images.server.repository
default: "docker.io/drone/drone"
default: "ranchercharts/drone-drone"
description: "Drone Server image name"
type: string
label: Drone Server Image Name
- variable: images.server.tag
default: "0.8.6"
default: "1.2"
description: "Drone Server image tag"
type: string
label: Drone Server Image Tag
- variable: images.agent.repository
default: "docker.io/drone/agent"
default: "ranchercharts/drone-agent"
description: "Drone Agent image name"
type: string
label: Drone Agent Image Name
- variable: images.agent.tag
default: "0.8.6"
default: "1.2"
description: "Drone Agent image tag"
type: string
label: Drone Agent Image Tag
- variable: images.dind.repository
default: "docker.io/library/docker"
default: "ranchercharts/library-docker"
description: "Drone Dind image name"
type: string
label: Drone Dind Image Name
......@@ -39,7 +41,20 @@ questions:
description: "Drone Dind image tag"
type: string
label: Drone Dind Image Tag
- variable: server.env.DRONE_PROVIDER
- variable: server.host
default: ""
type: string
description: "Set drone server host e.g drone.domain.io, if not set, it will be autofilled with the cluster host."
label: Drone Host Doamin
required: true
group: "Drone Settings"
- variable: server.adminUser
default: ""
type: string
description: "Set to a valid oauth user from your git/oauth server."
label: Set Drone Admin User
group: "Drone Settings"
- variable: sourceControl.provider
default: "github"
description: "Choose your server integrations"
type: enum
......@@ -47,99 +62,111 @@ questions:
label: Drone Integration Server
group: "Drone Settings"
options:
- "github"
- "gitlab"
- "gitea"
- "gogs"
- "bitbucket"
- "coding"
- variable: server.env.DRONE_GITHUB_CLIENT
- "github"
- "gitlab"
- "gitea"
- "gogs"
- "bitbucketCloud"
- "bitbucketServer"
- variable: sourceControl.secret
default: ""
type: secret
description: "Name of an existing secret to get the drone provider secret values from."
label: Select the Existing Drone Provider Secret
group: "Drone Settings"
# Github config
- variable: sourceControl.github.clientID
default: ""
description: "Github OAuth2 Client ID"
description: "Github oauth client ID"
type: string
required: true
label: Github OAuth2 Client ID
show_if: "server.env.DRONE_PROVIDER=github"
label: Github OAuth Client ID
show_if: "sourceControl.provider=github"
group: "Drone Settings"
- variable: server.env.DRONE_GITHUB_SECRET
- variable: sourceControl.github.clientSecretValue
default: ""
description: "Github oauth2 client secret"
description: "Github oauth client secret"
type: string
required: true
show_if: "server.env.DRONE_PROVIDER=github"
show_if: "sourceControl.provider=github&&sourceControl.secret="
group: "Drone Settings"
label: Github OAuth2 Client Secret
- variable: server.env.DRONE_GITLAB_CLIENT
label: Github OAuth Client Secret
# Gitlab config
- variable: sourceControl.gitlab.clientID
default: ""
description: "GitLab oauth2 client id"
type: string
required: true
label: GitLab OAuth2 Client ID
show_if: "server.env.DRONE_PROVIDER=gitlab"
show_if: "sourceControl.provider=gitlab"
group: "Drone Settings"
- variable: server.env.DRONE_GITLAB_SECRET
- variable: sourceControl.gitlab.server
default: ""
description: "GitLab oauth2 client secret"
description: "GitLab Server Address"
type: string
required: true
label: GitLab OAuth2 Client Secret
show_if: "server.env.DRONE_PROVIDER=gitlab"
label: GitLab Server Address
show_if: "sourceControl.provider=gitlab"
group: "Drone Settings"
- variable: server.env.DRONE_GITLAB_URL
- variable: sourceControl.gitlab.clientSecretValue
default: ""
description: "GitLab Server Address"
description: "GitLab client secret"
type: string
required: true
label: GitLab Server Address
show_if: "server.env.DRONE_PROVIDER=gitlab"
label: GitLab Client Secret
show_if: "sourceControl.provider=gitlab&&sourceControl.secret="
group: "Drone Settings"
- variable: server.env.DRONE_GITEA_URL
# Gitea config
- variable: sourceControl.gitea.server
default: ""
description: "Gitea Server Address"
type: string
required: true
label: Gitea Server Address
show_if: "server.env.DRONE_PROVIDER=gitea"
show_if: "sourceControl.provider=gitea"
group: "Drone Settings"
- variable: server.env.DRONE_GOGS_URL
# Gogs config
- variable: sourceControl.gogs.server
default: ""
description: "Gogs Server Address"
type: string
required: true
label: Gogs Server Address
show_if: "server.env.DRONE_PROVIDER=gogs"
show_if: "sourceControl.provider=gogs"
group: "Drone Settings"
- variable: server.env.DRONE_BITBUCKET_CLIENT
# BitbucketCloud config
- variable: sourceControl.bitbucketCloud.clientID
default: ""
description: "Bitbucket oauth2 client id"
description: "Bitbucket cloud oauth2 client id"
type: string
required: true
label: Bitbucket OAuth2 Client ID
show_if: "server.env.DRONE_PROVIDER=bitbucket"
label: Bitbucket Cloud OAuth2 Client ID
show_if: "sourceControl.provider=bitbucketCloud"
group: "Drone Settings"
- variable: server.env.DRONE_BITBUCKET_SECRET
- variable: sourceControl.bitbucketCloud.clientSecretValue
default: ""
description: "Bitbucket oauth2 client secret"
description: "Bitbucket cloud client secret"
type: string
required: true
label: Bitbucket OAuth2 Client Secret
show_if: "server.env.DRONE_PROVIDER=bitbucket"
label: Bitbucket Cloud Client Secret
show_if: "sourceControl.provider=bitbucketCloud&&sourceControl.secret="
group: "Drone Settings"
- variable: server.env.DRONE_CODING_CLIENT
# BitbucketServer config
- variable: sourceControl.bitbucketServer.server
default: ""
description: "Coding oauth2 client id"
description: "Bitbucket Server Address"
type: string
required: true
label: Coding OAuth2 Client ID
show_if: "server.env.DRONE_PROVIDER=coding"
label: Bitbucket Server Address
show_if: "sourceControl.provider=bitbucketServer"
group: "Drone Settings"
- variable: server.env.DRONE_CODING_SECRET
- variable: sourceControl.bitbucketServer.username
default: ""
description: "Coding oauth2 client secret"
description: "Bitbucket server username"
type: string
required: true
label: Coding OAuth2 Client Secret
show_if: "server.env.DRONE_PROVIDER=coding"
label: Bitbucket Server Username
show_if: "sourceControl.provider=bitbucketCloud"
group: "Drone Settings"
# persistent setting
- variable: persistence.enabled
......@@ -166,6 +193,36 @@ questions:
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Uses Existing Persistent Volume Cliam
- variable: server.env.DRONE_LOGS_DEBUG
default: "false"
type: enum
description: "The default log level is INFO. You can enable more detailed debug logging with the following configuration parameter."
label: Enable Drone Server Debugging Logs
group: "Drone Settings"
options:
- "false"
- "true"
# database setting
- variable: server.env.DRONE_DATABASE_DRIVER
default: "sqlite3"
description: "Drone requires the use of a database backend for persistence. Drone uses an embedded sqlite database by default"
type: enum
required: true
label: Select Drone Databse Driver
group: "Database Settings"
options:
- "sqlite3"
- "postgres"
- "mysql"
- variable: server.env.DRONE_DATABASE_DATASOURCE
default: ""
description: "Specify Drone database datasource, e.g., postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable"
type: string
required: true
label: Drone Database Datasource
show_if: "server.env.DRONE_DATABASE_DRIVER!=sqlite3"
group: "Database Settings"
# service & LB settings
- variable: ingress.enabled
default: false
description: "Expose app using Layer 7 Load Balancer - ingress"
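Review bot: The new `sourceControl.github.clientSecretValue`, `sourceControl.gitlab.clientSecretValue` and `sourceControl.bitbucketCloud.clientSecretValue` questions are declared `type: string`, so the OAuth client secret is typed and displayed in clear text in the catalog form; `type: password` would mask it. `server.env.DRONE_DATABASE_DATASOURCE` deserves the same treatment, since its own example embeds a database password (and `sslmode=disable`). Separately, the `sourceControl.bitbucketServer.username` question carries `show_if: "sourceControl.provider=bitbucketCloud"`, which looks like a copy-paste slip for `show_if: "sourceControl.provider=bitbucketServer"`. As written, the field is hidden for the one provider whose `drone.providerOK` check requires it.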
......
{{- if hasKey .Values.server.env "DRONE_PROVIDER" }}
{{- if eq (include "drone.providerOK" .) "true" }}
*********************************************************************************
*** PLEASE BE PATIENT: drone may take a few minutes to install ***
*********************************************************************************
......@@ -6,7 +6,7 @@
{{- if .Values.ingress.enabled }}
From outside the cluster, the server URL(s) are:
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{ $.Values.server.protocol }}://{{ . }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
......@@ -29,7 +29,7 @@ Get the Drone URL by running:
Get the Drone URL by running:
export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "component=server,app={{ template "drone.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8000/
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8000:8000
kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8000:80
{{- end }}
{{- else -}}
##############################################################################
......@@ -41,15 +41,13 @@ control provider:
kubectl create secret generic drone-server-secrets \
--namespace={{ .Release.Namespace }} \
--from-literal=DRONE_GITHUB_SECRET="github-oauth2-client-secret"
--from-literal=clientSecret="github-oauth2-client-secret"
helm upgrade {{ .Release.Name }} \
--reuse-values \
--set 'server.env.DRONE_PROVIDER="github"' \
--set 'server.env.DRONE_GITHUB="true"' \
--set 'server.env.DRONE_ORGS="my-github-org"' \
--set 'server.env.DRONE_GITHUB_CLIENT="github-oauth2-client-id"' \
--set 'server.envSecrets.drone-server-secrets[0]=DRONE_GITHUB_SECRET' \
--set 'sourceControl.provider=github' \
--set 'sourceControl.github.clientID=github-oauth2-client-id' \
--set 'sourceControl.secret=drone-server-secrets' \
stable/drone
Currently supported providers:
......@@ -60,10 +58,22 @@ Currently supported providers:
- Gogs
- Bitbucket Cloud
- Bitbucket Server (Stash)
- Coding
See the values.yaml file to see what values are required for each provider.
If you are having trouble with the configuration of a provider please visit
the official documentation:
http://docs.drone.io/installation/
{{- end }}
{{ if not .Values.server.kubernetes.enabled }}
##############################################################################
#### WARNING: running drone in kubernetes with legacy pipeline execution ####
##############################################################################
By setting `server.kubernetes.enabled=false` you've disabled kubernetes
pipelines and are instead using the legacy agent method which utilizes
either docker-in-docker or host mounting in the docker socket. This is
not recommended due to the additional security concerns.
{{- end }}
......@@ -25,18 +25,25 @@ Create the name of the service account to use
{{- end -}}
{{- end -}}
{{- define "drone.server.provider" -}}
{{- if eq .Values.server.env.DRONE_PROVIDER "github" -}}
{{- print "DRONE_GITHUB" -}}
{{- else if eq .Values.server.env.DRONE_PROVIDER "gitlab" -}}
{{- print "DRONE_GITLAB" -}}
{{- else if eq .Values.server.env.DRONE_PROVIDER "gitea" -}}
{{- print "DRONE_GITEA" -}}
{{- else if eq .Values.server.env.DRONE_PROVIDER "gogs" -}}
{{- print "DRONE_GOGS" -}}
{{- else if eq .Values.server.env.DRONE_PROVIDER "bitbucket" -}}
{{- print "DRONE_BITBUCKET" -}}
{{- else if eq .Values.server.env.DRONE_PROVIDER "coding" -}}
{{- print "DRONE_CODING" -}}
{{/*
Create the name of the secret for source control
*/}}
{{- define "drone.sourceControlSecret" -}}
{{- if .Values.sourceControl.secret -}}
{{ printf "%s" .Values.sourceControl.secret }}
{{- else -}}
{{ printf "%s-%s" (include "drone.fullname" .) "source-control" | trunc 63 -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for kubernetes pipelines
*/}}
{{- define "drone.pipelineServiceAccount" -}}
{{- if .Values.serviceAccount.create -}}
{{- $psa := printf "%s-%s" (include "drone.serviceAccountName" .) "pipeline" | trunc 63 -}}
{{ default $psa .Values.server.kubernetes.pipelineServiceAccount }}
{{- else -}}
{{ default "default" .Values.server.kubernetes.pipelineServiceAccount }}
{{- end -}}
{{- end -}}
{{- define "drone.providerEnvs" -}}
{{- if eq .Values.sourceControl.provider "github" -}}
- name: DRONE_GITHUB_CLIENT_ID
value: {{ .Values.sourceControl.github.clientID }}
- name: DRONE_GITHUB_SERVER
value: {{ .Values.sourceControl.github.server }}
- name: DRONE_GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "drone.sourceControlSecret" . }}
key: {{ .Values.sourceControl.github.clientSecretKey }}
{{- end -}}
{{- if eq .Values.sourceControl.provider "gitlab" -}}
- name: DRONE_GITLAB_CLIENT_ID
value: {{ .Values.sourceControl.gitlab.clientID }}
- name: DRONE_GITLAB_SERVER
value: {{ .Values.sourceControl.gitlab.server }}
- name: DRONE_GITLAB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "drone.sourceControlSecret" . }}
key: {{ .Values.sourceControl.gitlab.clientSecretKey }}
{{- end -}}
{{- if eq .Values.sourceControl.provider "gitea" -}}
- name: DRONE_GITEA_SERVER
value: {{ .Values.sourceControl.gitea.server }}
{{- end -}}
{{- if eq .Values.sourceControl.provider "gogs" -}}
- name: DRONE_GOGS_SERVER
value: {{ .Values.sourceControl.gogs.server }}
{{- end -}}
{{- if eq .Values.sourceControl.provider "bitbucketCloud" -}}
- name: DRONE_BITBUCKET_CLIENT_ID
value: {{ .Values.sourceControl.bitbucketCloud.clientID }}
- name: DRONE_BITBUCKET_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "drone.sourceControlSecret" . }}
key: {{ .Values.sourceControl.bitbucketCloud.clientSecretKey }}
{{- end -}}
{{- if eq .Values.sourceControl.provider "bitbucketServer" -}}
- name: DRONE_STASH_SERVER
value: {{ .Values.sourceControl.bitbucketServer.server }}
- name: DRONE_GIT_USERNAME
value: {{ .Values.sourceControl.bitbucketServer.username }}
- name: DRONE_GIT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "drone.sourceControlSecret" . }}
key: {{ .Values.sourceControl.bitbucketServer.passwordKey }}
- name: DRONE_STASH_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: {{ template "drone.sourceControlSecret" . }}
key: {{ .Values.sourceControl.bitbucketServer.consumerKey }}
- name: DRONE_STASH_PRIVATE_KEY
value: /etc/bitbucket/key.pem
{{- end -}}
{{- end -}}
{{/*
Check if a valid source control provider has been set
*/}}
{{- define "drone.providerOK" -}}
{{- if .Values.sourceControl.provider -}}
{{- if eq .Values.sourceControl.provider "github" -}}
{{- if and .Values.sourceControl.github.server .Values.sourceControl.github.clientID -}}
true
{{- end -}}
{{- else if eq .Values.sourceControl.provider "gitlab" -}}
{{- if and .Values.sourceControl.gitlab.server .Values.sourceControl.gitlab.clientID -}}
true
{{- end -}}
{{- else if eq .Values.sourceControl.provider "gitea" -}}
{{- if .Values.sourceControl.gitea.server -}}
true
{{- end -}}
{{- else if eq .Values.sourceControl.provider "gogs" -}}
{{- if .Values.sourceControl.gogs.server -}}
true
{{- end -}}
{{- else if eq .Values.sourceControl.provider "bitbucketCloud" -}}
{{- if .Values.sourceControl.bitbucketCloud.clientID -}}
true
{{- end -}}
{{- else if eq .Values.sourceControl.provider "bitbucketServer" -}}
{{- if and .Values.sourceControl.bitbucketServer.server .Values.sourceControl.bitbucketServer.username -}}
true
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
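Review bot: Every plain `value:` in `drone.providerEnvs` is rendered unquoted, e.g. `value: {{ .Values.sourceControl.github.clientID }}`. An all-digit client ID or username is therefore parsed as a number and an unset one as null, and the API server rejects a container env value that is not a string. Piping through quote, `value: {{ .Values.sourceControl.github.clientID | quote }}`, fixes this for each provider branch. It also stops a value containing `: ` or ` #` from changing the structure of the rendered manifest.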
apiVersion: extensions/v1beta1
{{- if not .Values.server.kubernetes.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "drone.fullname" . }}-agent
......@@ -10,6 +11,11 @@ metadata:
component: agent
spec:
replicas: {{ .Values.agent.replicas }}
selector:
matchLabels:
app: {{ template "drone.name" . }}
release: "{{ .Release.Name }}"
component: agent
template:
metadata:
annotations:
......@@ -33,9 +39,13 @@ spec:
nodeSelector:
{{ toYaml .Values.agent.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.agent.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
serviceAccountName: {{ template "drone.serviceAccountName" . }}
containers:
- name: {{ template "drone.fullname" . }}-agent
- name: agent
image: "{{ .Values.images.agent.repository }}:{{ .Values.images.agent.tag }}"
imagePullPolicy: {{ .Values.images.agent.pullPolicy }}
ports:
......@@ -43,9 +53,9 @@ spec:
containerPort: 3000
protocol: TCP
env:
- name: DRONE_SERVER
value: {{ template "drone.fullname" . }}:9000
- name: DRONE_SECRET
- name: DRONE_RPC_SERVER
value: http://{{ template "drone.fullname" . }}
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: {{ template "drone.fullname" . }}
......@@ -58,28 +68,6 @@ spec:
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.agent.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: "/healthz"
port: http
initialDelaySeconds: {{ .Values.agent.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.agent.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.agent.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.agent.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.agent.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.agent.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: "/healthz"
port: http
initialDelaySeconds: {{ .Values.agent.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.agent.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.agent.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.agent.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.agent.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{ toYaml .Values.agent.resources | indent 10 }}
{{- if not .Values.dind.enabled }}
......@@ -88,12 +76,19 @@ spec:
volumeMounts:
- mountPath: /var/run/docker.sock
name: docker-socket
{{- with .Values.agent.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumes:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
{{- else }}
- name: {{ template "drone.fullname" . }}-dind
{{- with .Values.agent.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
- name: dind
image: "{{ .Values.images.dind.repository }}:{{ .Values.images.dind.tag }}"
imagePullPolicy: {{ .Values.images.dind.pullPolicy }}
{{- if .Values.dind.command }}
......@@ -116,7 +111,14 @@ spec:
volumeMounts:
- name: docker-graph-storage
mountPath: /var/lib/docker
{{- with .Values.dind.volumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumes:
- name: docker-graph-storage
emptyDir: {}
{{- end }}
{{- with .Values.agent.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}
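Review bot: `DRONE_RPC_SERVER` is hard-coded to `http://{{ template "drone.fullname" . }}` with no port, while the server Deployment in this commit takes the RPC scheme from `server.rpcProtocol` and the port from `service.httpPort`. With `rpcProtocol: https` or a service port other than 80, the agent would still dial plain HTTP on the default port, so the traffic authenticated by `DRONE_RPC_SECRET` would not follow the operator's TLS choice. Suggest `value: {{ .Values.server.rpcProtocol }}://{{ template "drone.fullname" . }}:{{ .Values.service.httpPort }}`. The non-dind branch also still mounts the host's `/var/run/docker.sock`, which hands pipeline steps control of the node's Docker daemon; a short template comment on that branch saying so would help whoever disables `dind.enabled`.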
{{- if hasKey .Values.server.env "DRONE_PROVIDER" }}
apiVersion: extensions/v1beta1
{{- if eq (include "drone.providerOK" .) "true" }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "drone.fullname" . }}-server
......@@ -11,6 +11,11 @@ metadata:
component: server
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "drone.name" . }}
release: "{{ .Release.Name }}"
component: server
template:
metadata:
annotations:
......@@ -38,15 +43,46 @@ spec:
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.server.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
serviceAccountName: {{ template "drone.serviceAccountName" . }}
containers:
- name: {{ template "drone.fullname" . }}-server
- name: server
image: "{{ .Values.images.server.repository }}:{{ .Values.images.server.tag }}"
imagePullPolicy: {{ .Values.images.server.pullPolicy }}
env:
- name: {{ template "drone.server.provider" . }}
{{- if .Values.server.kubernetes.enabled }}
- name: DRONE_KUBERNETES_ENABLED
value: "true"
- name: DRONE_KUBERNETES_NAMESPACE
value: {{ default .Release.Namespace .Values.server.kubernetes.namespace }}
- name: DRONE_KUBERNETES_SERVICE_ACCOUNT
value: {{ template "drone.pipelineServiceAccount" . }}
{{- else }}
- name: DRONE_AGENTS_ENABLED
value: "true"
- name: DRONE_SECRET
{{- end }}
- name: DRONE_GIT_ALWAYS_AUTH
value: {{ .Values.server.alwaysAuth | quote }}
- name: DRONE_SERVER_HOST
{{- if hasKey .Values.server "host" }}
value: "{{ .Values.server.host }}"
{{- else }}
value: "{{ template "drone.fullname" . }}"
{{- end }}
- name: DRONE_RPC_PROTO
value: "{{ .Values.server.rpcProtocol }}"
- name: DRONE_RPC_HOST
value: {{ template "drone.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.httpPort }}
- name: DRONE_SERVER_PROTO
value: {{ .Values.server.protocol }}
{{- if .Values.server.adminUser }}
- name: DRONE_USER_CREATE
value: username:{{ .Values.server.adminUser }},machine:false,admin:true
{{- end }}
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: {{ template "drone.fullname" . }}
......@@ -60,21 +96,17 @@ spec:
key: {{ . | quote }}
{{- end }}
{{- end }}
- name: DRONE_HOST
{{- if hasKey .Values.server "host" }}
value: "{{ .Values.server.host }}"
{{- else }}
value: "http://{{ template "drone.fullname" . }}"
{{- end }}
{{- range $key, $value := .Values.server.env }}
{{- if $value }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{ template "drone.providerEnvs" . }}
ports:
- name: http
containerPort: 8000
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
- name: grpc
containerPort: 9000
......@@ -86,12 +118,25 @@ spec:
resources:
{{ toYaml .Values.server.resources | indent 10 }}
volumeMounts:
- name: data
mountPath: /var/lib/drone
{{ if eq .Values.sourceControl.provider "bitbucketServer" -}}
- name: bitbucket-private-key
mountPath: /etc/bitbucket
readOnly: true
{{ end }}
- name: data
mountPath: /var/lib/drone
{{- with .Values.server.extraContainers }}
{{ tpl . $ | indent 6 }}
{{- end }}
volumes:
{{ if eq .Values.sourceControl.provider "bitbucketServer" -}}
- name: bitbucket-private-key
secret:
secretName: {{ template "drone.sourceControlSecret" . }}
items:
- key: {{ .Values.sourceControl.bitbucketServer.privateKey }}
path: key.pem
{{ end -}}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
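Review bot: `DRONE_SERVER_HOST` is guarded by `hasKey .Values.server "host"`, which is true even when the key is present but empty. The catalog question for `server.host` defaults to `""`, so a blank answer renders `value: ""` instead of falling back to the service name. Testing the value rather than the key, `{{- if .Values.server.host }}`, gives the fallback in both cases. As far as I know Drone derives its OAuth callback and webhook URLs from this host together with `DRONE_SERVER_PROTO`, so a wrong value shows up as a broken login rather than a failed install. The neighbouring `DRONE_SERVER_PROTO`, `DRONE_KUBERNETES_NAMESPACE` and `DRONE_USER_CREATE` values are unquoted and would be safer with `| quote`.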
......
......@@ -20,13 +20,15 @@ spec:
- host: {{ . }}
http:
paths:
{{- if index $.Values.ingress "annotations" }}
{{- if eq (index $.Values.ingress.annotations "kubernetes.io/ingress.class" | default "") "gce" "alb" }}
{{- if $.Values.ingress.path }}
- path: {{ $.Values.ingress.path }}
{{- else if index $.Values.ingress "annotations" }}
{{- if eq (index $.Values.ingress.annotations "kubernetes.io/ingress.class" | default "") "gce" "alb" "istio" }}
- path: /*
{{- else }}{{/* Has annotations but ingress class is not "gce" nor "alb" */}}
{{- else }}{{/* Has annotations but ingress class is not "gce" nor "alb" nor "istio" */}}
- path: /
{{- end }}
{{- else}}{{/* Has no annotations */}}
{{- else }}{{/* Has no annotations */}}
- path: /
{{- end }}
backend:
......
{{- if hasKey .Values.server.kubernetes "namespace" -}}
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.server.kubernetes.namespace }}
labels:
app: {{ template "drone.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
component: server
{{- end -}}
{{- if and .Values.rbac.create .Values.server.kubernetes.enabled -}}
apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
kind: ClusterRoleBinding
metadata:
name: {{ template "drone.fullname" . }}-pipeline
labels:
app: {{ template "drone.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
subjects:
- kind: ServiceAccount
name: {{ template "drone.pipelineServiceAccount" . }}
namespace: {{ default .Release.Namespace .Values.server.kubernetes.namespace }}
roleRef:
kind: ClusterRole
name: {{ template "drone.fullname" . }}-pipeline
apiGroup: rbac.authorization.k8s.io
{{- end -}}
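Review bot: This binding is created whenever `rbac.create` and `server.kubernetes.enabled` are true, but its subject comes from `drone.pipelineServiceAccount`, which falls back to the namespace's `default` service account when `serviceAccount.create` is false. In that configuration every pod in the namespace that does not set its own service account inherits the cluster-wide pipeline role. Gating the template on all three flags, `{{- if and .Values.rbac.create .Values.serviceAccount.create .Values.server.kubernetes.enabled -}}`, would avoid that. Alternatively, wrapping `server.kubernetes.pipelineServiceAccount` in `required` inside the helper's else branch would stop the fallback to `default` from happening silently.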
{{- if and .Values.rbac.create .Values.server.kubernetes.enabled -}}
apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
kind: ClusterRole
metadata:
name: {{ template "drone.fullname" . }}-pipeline
labels:
app: {{ template "drone.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
rules:
- apiGroups:
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- ""
resources:
- namespaces
- configmaps
- secrets
- pods
- services
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
{{ end }}
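Review bot: The second rule gives the pipeline service account `create`, `delete`, `get`, `list` and `watch` on `secrets`, `configmaps`, `pods`, `services` and `namespaces` at cluster scope, so any pipeline can read every Secret in the cluster and delete any namespace. Nothing in the template says so, and values.yaml enables `server.kubernetes.enabled` by default. A header comment such as `{{/* Grants the pipeline service account cluster-wide access, including read access to all Secrets */}}` would make the exposure visible to whoever installs the chart. If pipelines can be confined to one fixed namespace, a namespaced Role and RoleBinding would be the narrower grant; whether Drone's runner allows that should be confirmed. The first rule also covers `deployments` in the `extensions` group only, while this commit moves the chart's own Deployments to `apps/v1`.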
......@@ -10,6 +10,12 @@ metadata:
heritage: "{{ .Release.Service }}"
rules:
- apiGroups:
- batch
resources:
- jobs
verbs:
- "*"
- apiGroups:
- extensions
resources:
- deployments
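Review bot: The new `batch`/`jobs` rule uses the wildcard verb `"*"`, which also covers `deletecollection` and any verb added to the API later. Listing the verbs the server actually uses is the safer grant, for example `create`, `delete`, `get`, `list`, `watch`; the exact set should be checked against what Drone calls. The object's `kind` and `metadata.name` sit above the hunk, so it cannot be seen here whether this is a namespaced Role or a ClusterRole. If it is cluster-scoped, the wildcard applies to Jobs in every namespace.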
......
......@@ -14,3 +14,26 @@ data:
{{ else }}
secret: "{{ randAlphaNum 24 | b64enc }}"
{{ end }}
---
{{- if not .Values.sourceControl.secret -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "drone.sourceControlSecret" . }}
labels:
app: {{ template "drone.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{if .Values.sourceControl.provider}}
{{ if eq .Values.sourceControl.provider "github" }}
{{ .Values.sourceControl.github.clientSecretKey }}: {{ .Values.sourceControl.github.clientSecretValue | b64enc | quote }}
{{- else if eq .Values.sourceControl.provider "gitlab" -}}
{{ .Values.sourceControl.gitlab.clientSecretKey }}: {{ .Values.sourceControl.gitlab.clientSecretValue | b64enc | quote }}
{{- else if eq .Values.sourceControl.provider "bitbucketCloud" -}}
{{ .Values.sourceControl.bitbucketCloud.clientSecretKey }}: {{ .Values.sourceControl.bitbucketCloud.clientSecretValue | b64enc | quote }}
{{ end }}
{{ end }}
{{- end -}}
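Review bot: The chart-managed Secret is written even when no secret value was supplied: with `sourceControl.secret` empty, an empty `clientSecretValue` (the catalog default is `""`) is base64-encoded into an empty `clientSecret`. `drone.providerOK` does not catch this, because it checks only the server, clientID and username fields. Failing the render is clearer, e.g. `{{ .Values.sourceControl.github.clientSecretKey }}: {{ required "sourceControl.github.clientSecretValue or sourceControl.secret must be set" .Values.sourceControl.github.clientSecretValue | b64enc | quote }}`, and likewise for the gitlab and bitbucketCloud branches. There is also no branch for `bitbucketServer`, so in that case the Secret has no keys while the server Deployment references `passwordKey`, `consumerKey` and `privateKey` from it. A client secret passed through values is kept in the stored release values as well, so the pre-created secret path described in the README is the safer default.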
{{ if and .Values.serviceAccount.create .Values.server.kubernetes.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "drone.pipelineServiceAccount" . }}
namespace: {{ default .Release.Namespace .Values.server.kubernetes.namespace }}
labels:
app: {{ template "drone.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ end }}
......@@ -13,16 +13,21 @@ metadata:
heritage: "{{ .Release.Service }}"
spec:
type: {{ .Values.service.type }}
{{- if and (hasKey .Values.service "loadBalancerIP") (eq .Values.service.type "LoadBalancer") }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: http
port: {{ .Values.service.httpPort }}
targetPort: 8000
targetPort: 80
{{- if hasKey .Values.service "nodePort" }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
{{- if .Values.service.exposeGRPC }}
- name: grpc
port: 9000
targetPort: 9000
{{- end }}
selector:
app: {{ template "drone.name" . }}
release: {{ .Release.Name | quote }}
......
appVersion: "0.8.6"
images:
## The official drone (server) image, change tag to use a different version.
## ref: https://hub.docker.com/r/drone/drone/tags/
##
server:
repository: "docker.io/drone/drone"
tag: 0.8.6
# repository: "docker.io/drone/drone"
repository: "ranchercharts/drone-drone"
tag: 1.2
pullPolicy: IfNotPresent
## The official drone (agent) image, change tag to use a different version.
## ref: https://hub.docker.com/r/drone/agent/tags/
##
agent:
repository: "docker.io/drone/agent"
tag: 0.8.6
# repository: "docker.io/drone/agent"
repository: "ranchercharts/drone-agent"
tag: 1.2
pullPolicy: IfNotPresent
## The official docker (dind) image, change tag to use a different version.
## ref: https://hub.docker.com/r/library/docker/tags/
##
dind:
repository: "docker.io/library/docker"
# repository: "docker.io/library/docker"
repository: "ranchercharts/library-docker"
tag: 18.06.1-ce-dind
pullPolicy: IfNotPresent
......@@ -35,7 +36,10 @@ service:
## Service type can be set to ClusterIP, NodePort or LoadBalancer.
##
type: NodePort
type: ClusterIP
## Specify a load balancer IP address to use if your provider supports it.
# loadBalancerIP:
## Drone Service annotations
##
......@@ -44,6 +48,9 @@ service:
# service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:xx-xxxx-x:xxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
# external-dns.alpha.kubernetes.io/hostname: drone.domain.tld.
## set to true if you want to expose drone's GRPC via the service (for external access)
exposeGRPC: false
ingress:
## If true, Drone Ingress will be created.
##
......@@ -68,32 +75,89 @@ ingress:
# hosts:
# - drone.domain.io
sourceControl:
## your source control provider: github,gitlab,gitea,gogs,bitbucketCloud,bitbucketServer
provider:
## secret containing your source control provider secrets, keys provided below.
## if left blank will assume a secret based on the release name of the chart.
secret:
## Fill in the correct values for your chosen source control provider
## Any key in this list with the suffix `Key` will be fetched from the
## secret named above, if not provided the secret it will be created as
## `<fullName>-source-control` using for the key "ClientSecretKey" and
# "clientSecretValue" for the value. Be awere to not leak shis file with your password
github:
clientID:
clientSecretKey: clientSecret
clientSecretValue:
server: https://github.com
gitlab:
clientID:
clientSecretKey: clientSecret
clientSecretValue:
server:
gitea:
server:
gogs:
server:
bitbucketCloud:
clientID:
clientSecretKey: clientSecret
clientSecretValue:
bitbucketServer:
server:
consumerKey: consumerKey
privateKey: privateKey
username:
passwordKey: password
server:
## If not set, it will be autofilled with the cluster host.
## Host must be in "<scheme>://<hostname>" format.
## Host shoud be just the hostname.
##
# host: "https://drone.domain.io"
# host: "drone.domain.io"
## protocol should be http or https
protocol: http
## rpcProtocol for rpc connection to the server should be http or https
rpcProtocol: http
## Initial admin user
## Leaving this blank may make it impossible to log into drone.
## Set to a valid oauth user from your git/oauth server
## For more complex user creation you can use env variables below instead.
adminUser:
## Configures Drone to authenticate when cloning public repositories. This is only required
## when your source code management system (e.g. GitHub Enterprise) has private mode enabled.
alwaysAuth: false
## Configures drone to use kubernetes to run pipelines rather than agents, if enabled
## will not deploy any agents.
kubernetes:
## set to true if you want drone to use kubernetes to run pipelines
enabled: true
## you can run pipeline jobs in another namespace, if you choose to do this
## you'll need to create that namespace manually.
# namespace:
## alternative service account to create to create drone pipelines. this account
## will be given cluster-admin rights.
## if not set the rights will be given to the default drone service account name.
# pipelineServiceAccount:
## Drone server configuration.
## Values in here get injected as environment variables.
## ref: http://readme.drone.io/admin/installation-reference
## You can set up remote database servers etc using environment
## variables.
## ref: https://docs.drone.io/reference/server/
##
env:
DRONE_DEBUG: "false"
DRONE_LOGS_DEBUG: "false"
DRONE_DATABASE_DRIVER: "sqlite3"
DRONE_DATABASE_DATASOURCE: "/var/lib/drone/drone.sqlite"
## Drone requires some environment variables to bootstrap the
## git service or it won't start up.
## Uncomment this and add your own custom configuration.
##
# DRONE_PROVIDER: "github"
DRONE_OPEN: "true"
# DRONE_GITHUB: "true"
# DRONE_ORGS: "my-github-org,my-other-github-org"
# DRONE_ADMIN:"admin-1,admin-2"
# DRONE_GITHUB_CLIENT: "github-oauth2-client-id"
## Secret environment variables are configured in `server.envSecrets`.
## Each item in `server.envSecrets` references a Kubernetes Secret.
## These Secrets should be created before they are referenced.
......@@ -134,6 +198,11 @@ server:
##
nodeSelector: {}
## Node taints to tolerate
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## additional siecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy.
## ex: https://github.com/kubernetes/charts/tree/master/stable/keycloak
##
......@@ -146,10 +215,10 @@ server:
agent:
## Drone agent configuration.
## Values in here get injected as environment variables.
## ref: http://readme.drone.io/admin/installation-reference
## ref: https://docs.drone.io/reference/agent/
##
env:
DRONE_DEBUG: "false"
DRONE_LOGS_DEBUG: "false"
## Number of drone agent replicas
replicas: 1
......@@ -159,6 +228,34 @@ agent:
##
annotations: {}
## Additional volumes e.g. for shared caching between agents on different nodes or
## shared cache between agents on the same node when using dind or
## for a global docker login config as per
## Option 2 ref: https://discourse.drone.io/t/how-to-pull-private-images-with-1-0/3155
## Note: Option 2 also requires DRONE_DOCKER_CONFIG: /root/.docker/config.json env var in agent
## NB: This will make the credentials available globally to all builds and all repositories
# volumes:
# - name: docker-config
# secret:
# defaultMode: 420
# items:
# - key: .dockerconfigjson
# path: config.json
# secretName: drone-docker-config
# - name: persistent-data
# persistentVolumeClaim:
# claimName: drone-agent-pvc
# - name: cache
# hostPath:
# path: /drone-cache
# type: Directory
## Volume mount into agent container
# volumeMounts:
# - name: docker-config
# mountPath: /root/.docker
# readOnly: true
## CPU and memory limits for drone agent
##
resources: {}
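Review bot: The commented `docker-config` example under `# volumes:` uses `defaultMode: 420`, which is decimal for octal 0644, so anyone who copies it mounts the registry credentials file readable by every user in the agent container. The mount path `/root/.docker` suggests the agent reads it as root, in which case `defaultMode: 256` with a trailing `# 0400, owner read-only` comment would be the safer sample value. The existing NB line already warns that the credentials become available to all builds; I would extend it to state that this includes builds from any repository that can trigger a pipeline. The `hostPath` cache entry would likewise benefit from a one-line comment such as `## hostPath shares a node directory between builds; use only on dedicated build nodes`. The `agent:` mapping begins and ends outside this hunk, so how the template consumes `volumes` is not visible here.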
......@@ -171,20 +268,9 @@ agent:
## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## drone agent does not currently have a health endpoint to check against.
livenessProbe: {}
readinessProbe: {}
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
......@@ -201,6 +287,11 @@ agent:
##
nodeSelector: {}
## Node taints to tolerate
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
dind:
## Enable or disable DinD
## If disabled, the drone agent will spawn docker containers on the host. Pay
......@@ -226,6 +317,15 @@ dind:
##
driver: overlay2
## Volume mount into dind container
## Volumes are defined under agent values.
# volumeMounts:
# - mountPath: /root/.docker
# name: docker-config
# readOnly: true
# - name: persistent-data
# mountPath: /mnt/drone-cache
## CPU and memory limits for dind
##
resources: {}
......