From de573721bdc9a8cbced55d87a0704ac857ff8871 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Fri, 26 Jul 2024 13:51:55 +0300
Subject: [PATCH] Deprecate Drone as it's devs moved on to develop Gitness
---
drone-execution/README.md | 13 --
drone-execution/application.yml | 177 -------------------------
drone-execution/networkpolicy-base.yml | 1 -
drone/.helmignore | 25 ----
drone/README.md | 155 ----------------------
drone/application.yml | 117 ----------------
6 files changed, 488 deletions(-)
delete mode 100644 drone-execution/README.md
delete mode 100644 drone-execution/application.yml
delete mode 120000 drone-execution/networkpolicy-base.yml
delete mode 100644 drone/.helmignore
delete mode 100644 drone/README.md
delete mode 100644 drone/application.yml
diff --git a/drone-execution/README.md b/drone-execution/README.md
deleted file mode 100644
index a4cf1db..0000000
--- a/drone-execution/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-To deply:
-
-```
-kubectl apply -n drone-execution -f application.yml
-```
-
-To bootstrap secrets:
-
-```
- kubectl create secret generic -n drone-execution application-secrets \
- --from-literal=DRONE_RPC_SECRET=$(kubectl get secret -n drone application-secrets -o jsonpath="{.data.DRONE_RPC_SECRET}" | base64 -d) \
- --from-literal=DRONE_SECRET_PLUGIN_TOKEN=$(cat /dev/urandom | base64 | head -c 30)
-```
diff --git a/drone-execution/application.yml b/drone-execution/application.yml
deleted file mode 100644
index aee02c5..0000000
--- a/drone-execution/application.yml
+++ /dev/null
@@ -1,177 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: drone-runner-kube
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: application-config
-data:
- DRONE_DEBUG: "false"
- DRONE_TRACE: "false"
- DRONE_NAMESPACE_DEFAULT: "drone-execution"
- DRONE_RPC_HOST: "drone.k-space.ee"
- DRONE_RPC_PROTO: "https"
- PLUGIN_MTU: "1300"
- DRONE_SECRET_PLUGIN_ENDPOINT: "http://secrets:3000"
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: drone-runner-kube
- namespace: "drone-execution"
- labels:
- app: drone-runner-kube
-rules:
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - delete
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/log
- verbs:
- - get
- - create
- - delete
- - list
- - watch
- - update
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: drone-runner-kube
- namespace: drone-execution
- labels:
- app: drone-runner-kube
-subjects:
- - kind: ServiceAccount
- name: drone-runner-kube
- namespace: drone-execution
-roleRef:
- kind: Role
- name: drone-runner-kube
- apiGroup: rbac.authorization.k8s.io
----
-apiVersion: v1
-kind: Service
-metadata:
- name: drone-runner-kube
- labels:
- app: drone-runner-kube
-spec:
- type: ClusterIP
- ports:
- - port: 3000
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app: drone-runner-kube
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: drone-runner-kube
- annotations:
- keel.sh/policy: force
- keel.sh/trigger: poll
- keel.sh/pollSchedule: "@midnight"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: drone-runner-kube
- template:
- metadata:
- labels:
- app: drone-runner-kube
- spec:
- serviceAccountName: drone-runner-kube
- terminationGracePeriodSeconds: 3600
- containers:
- - name: server
- securityContext:
- {}
- image: drone/drone-runner-kube
- imagePullPolicy: Always
- ports:
- - name: http
- containerPort: 3000
- protocol: TCP
- envFrom:
- - configMapRef:
- name: application-config
- secretRef:
- name: application-secrets
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: drone-kubernetes-secrets
- annotations:
- keel.sh/policy: force
- keel.sh/trigger: poll
- keel.sh/pollSchedule: "@midnight"
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: drone-kubernetes-secrets
- template:
- metadata:
- labels:
- app: drone-kubernetes-secrets
- spec:
- containers:
- - name: secrets
- image: drone/kubernetes-secrets
- imagePullPolicy: Always
- ports:
- - containerPort: 3000
- env:
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: application-secrets
- key: DRONE_SECRET_PLUGIN_TOKEN
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: drone-kubernetes-secrets
-spec:
- podSelector:
- matchLabels:
- app: drone-kubernetes-secrets
- policyTypes:
- - Ingress
- ingress:
- - from:
- - podSelector:
- matchLabels:
- app: drone-runner-kube
- ports:
- - port: 3000
----
-# Following should block access to pods in other namespaces, but should permit
-# Git checkout, pip install, talking to Traefik via public IP etc
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: drone-runner-kube
-spec:
- podSelector: {}
- policyTypes:
- - Egress
- egress:
- - to:
- - ipBlock:
- cidr: 0.0.0.0/0
diff --git a/drone-execution/networkpolicy-base.yml b/drone-execution/networkpolicy-base.yml
deleted file mode 120000
index e84a698..0000000
--- a/drone-execution/networkpolicy-base.yml
+++ /dev/null
@@ -1 +0,0 @@
-../shared/networkpolicy-base.yml
\ No newline at end of file
diff --git a/drone/.helmignore b/drone/.helmignore
deleted file mode 100644
index 7872af6..0000000
--- a/drone/.helmignore
+++ /dev/null
@@ -1,25 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-# Chart dirs/files
-docs/
-ci/
diff --git a/drone/README.md b/drone/README.md
deleted file mode 100644
index ae378c9..0000000
--- a/drone/README.md
+++ /dev/null
@@ -1,155 +0,0 @@
-# Deployment
-
-To deploy:
-
-```
-kubectl apply -n drone -f application.yml
-```
-
-To bootstrap secrets:
-
-```
- kubectl create secret generic -n drone application-secrets \
- --from-literal=DRONE_GITEA_CLIENT_ID=... \
- --from-literal=DRONE_GITEA_CLIENT_SECRET=... \
- --from-literal=DRONE_RPC_SECRET=$(cat /dev/urandom | base64 | head -c 30)
-```
-
-# Integrating with Docker registry
-
-We use harbor.k-space.ee to host own images.
-
-Set up robot account `robot$k-space+drone` in Harbor first.
-
-In Drone associate `docker_username` and `docker_password` secrets with the
-`k-space`.
-
-Instead of click marathon you can also pull the CLI configuration for Drone
-from https://drone.k-space.ee/account
-
-```
-drone orgsecret add k-space docker_username 'robot$k-space+drone'
- drone orgsecret add k-space docker_password '...'
-```
-
-# Integrating with e-mail
-
-To (re)set e-mail credentials:
-
-```
-drone orgsecret add k-space email_password '...'
-```
-
-To issue build hit the button in Drone web interface or alternatively:
-
-```
-drone build create k-space/...
-```
-
-# Using templates
-
-Templates unfortunately aren't pulled in from this Git repo.
-
-Current `docker.yaml` template includes following:
-
-```
-kind: pipeline
-type: kubernetes
-name: build-arm64
-platform:
- arch: arm64
- os: linux
-node_selector:
- kubernetes.io/arch: arm64
-tolerations:
-- key: arch
- operator: Equal
- value: arm64
- effect: NoSchedule
-steps:
-- name: submodules
- image: alpine/git
- commands:
- - touch .gitmodules
- - sed -i -e 's/git@git.k-space.ee:/https:\\/\\/git.k-space.ee\\//g' .gitmodules
- - git submodule update --init --recursive
- - echo "ENV GIT_COMMIT=$(git rev-parse HEAD)" >> Dockerfile
- - echo "ENV GIT_COMMIT_TIMESTAMP=$(git log -1 --format=%cd --date=iso-strict)" >> Dockerfile
- - cat Dockerfile
-- name: docker
- image: harbor.k-space.ee/k-space/drone-kaniko
- settings:
- repo: ${DRONE_REPO}
- tags: latest-arm64
- registry: harbor.k-space.ee
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
----
-kind: pipeline
-type: kubernetes
-name: build-amd64
-platform:
- arch: amd64
- os: linux
-node_selector:
- kubernetes.io/arch: amd64
-steps:
-- name: submodules
- image: alpine/git
- commands:
- - touch .gitmodules
- - sed -i -e 's/git@git.k-space.ee:/https:\\/\\/git.k-space.ee\\//g' .gitmodules
- - git submodule update --init --recursive
- - echo "ENV GIT_COMMIT=$(git rev-parse HEAD)" >> Dockerfile
- - echo "ENV GIT_COMMIT_TIMESTAMP=$(git log -1 --format=%cd --date=iso-strict)" >> Dockerfile
- - cat Dockerfile
-- name: docker
- image: harbor.k-space.ee/k-space/drone-kaniko
- settings:
- repo: ${DRONE_REPO}
- tags: latest-amd64
- registry: harbor.k-space.ee
- storage_driver: vfs
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
----
-kind: pipeline
-type: kubernetes
-name: manifest
-steps:
-- name: manifest
- image: plugins/manifest
- settings:
- target: ${DRONE_REPO}:latest
- template: ${DRONE_REPO}:latest-ARCH
- platforms:
- - linux/amd64
- - linux/arm64
- username:
- from_secret: docker_username
- password:
- from_secret: docker_password
-depends_on:
-- build-amd64
-- build-arm64
----
-kind: pipeline
-type: kubernetes
-name: gitlint
-steps:
-- name: gitlint
- image: harbor.k-space.ee/k-space/gitlint-bundle
- # https://git.k-space.ee/k-space/gitlint-bundle
----
-kind: pipeline
-type: kubernetes
-name: flake8
-steps:
-- name: flake8
- image: harbor.k-space.ee/k-space/flake8-bundle
- # https://git.k-space.ee/k-space/flake8-bundle
-```
diff --git a/drone/application.yml b/drone/application.yml
deleted file mode 100644
index 96b010e..0000000
--- a/drone/application.yml
+++ /dev/null
@@ -1,117 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: drone
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app: drone
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: drone
- annotations:
- keel.sh/policy: minor
- keel.sh/trigger: poll
- keel.sh/pollSchedule: "@midnight"
-spec:
- serviceName: drone
- replicas: 1
- selector:
- matchLabels:
- app: drone
- template:
- metadata:
- labels:
- app: drone
- spec:
- automountServiceAccountToken: false
- securityContext:
- {}
- containers:
- - name: server
- securityContext:
- {}
- image: drone/drone:2
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /
- port: http
- env:
- - name: DRONE_GITEA_SERVER
- value: https://git.k-space.ee
- - name: DRONE_GIT_ALWAYS_AUTH
- value: "false"
- - name: DRONE_SERVER_HOST
- value: drone.k-space.ee
- - name: DRONE_SERVER_PROTO
- value: https
- - name: DRONE_USER_CREATE
- value: username:lauri,admin:true
- - name: DRONE_DEBUG
- value: "true"
- - name: DRONE_TRACE
- value: "true"
- envFrom:
- - secretRef:
- name: application-secrets
- volumeMounts:
- - name: drone-data
- mountPath: /data
- volumeClaimTemplates:
- - metadata:
- name: drone-data
- spec:
- storageClassName: longhorn
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 8Gi
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: redirect
-spec:
- redirectRegex:
- regex: ^https://(.*)/register$
- replacement: https://${1}/
- permanent: false
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: drone
- annotations:
- external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
- kubernetes.io/ingress.class: traefik
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- traefik.ingress.kubernetes.io/router.middlewares: drone-redirect@kubernetescrd
-spec:
- tls:
- - hosts:
- 
"*.k-space.ee"
- rules:
- - host: "drone.k-space.ee"
- http:
- paths:
- - pathType: Prefix
- path: /
- backend:
- service:
- name: drone
- port:
- number: 80