156 lines
3.5 KiB
Markdown
156 lines
3.5 KiB
Markdown
# Deployment
|
|
|
|
To deploy:
|
|
|
|
```
|
|
kubectl apply -n drone -f application.yml
|
|
```
|
|
|
|
To bootstrap secrets:
|
|
|
|
```
|
|
kubectl create secret generic -n drone application-secrets \
|
|
--from-literal=DRONE_GITEA_CLIENT_ID=... \
|
|
--from-literal=DRONE_GITEA_CLIENT_SECRET=... \
|
|
--from-literal=DRONE_RPC_SECRET=$(cat /dev/urandom | base64 | head -c 30)
|
|
```
|
|
|
|
# Integrating with Docker registry
|
|
|
|
We use harbor.k-space.ee to host own images.
|
|
|
|
Set up robot account `robot$k-space+drone` in Harbor first.
|
|
|
|
In Drone associate `docker_username` and `docker_password` secrets with the
|
|
`k-space`.
|
|
|
|
Instead of click marathon you can also pull the CLI configuration for Drone
|
|
from https://drone.k-space.ee/account
|
|
|
|
```
|
|
drone orgsecret add k-space docker_username 'robot$k-space+drone'
|
|
drone orgsecret add k-space docker_password '...'
|
|
```
|
|
|
|
# Integrating with e-mail
|
|
|
|
To (re)set e-mail credentials:
|
|
|
|
```
|
|
drone orgsecret add k-space email_password '...'
|
|
```
|
|
|
|
To issue build hit the button in Drone web interface or alternatively:
|
|
|
|
```
|
|
drone build create k-space/...
|
|
```
|
|
|
|
# Using templates
|
|
|
|
Templates unfortunately aren't pulled in from this Git repo.
|
|
|
|
Current `docker.yaml` template includes following:
|
|
|
|
```
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-arm64
|
|
platform:
|
|
arch: arm64
|
|
os: linux
|
|
node_selector:
|
|
kubernetes.io/arch: arm64
|
|
tolerations:
|
|
- key: arch
|
|
operator: Equal
|
|
value: arm64
|
|
effect: NoSchedule
|
|
steps:
|
|
- name: submodules
|
|
image: alpine/git
|
|
commands:
|
|
- touch .gitmodules
|
|
- sed -i -e 's/git@git.k-space.ee:/https:\\/\\/git.k-space.ee\\//g' .gitmodules
|
|
- git submodule update --init --recursive
|
|
- echo "ENV GIT_COMMIT=$(git rev-parse HEAD)" >> Dockerfile
|
|
- echo "ENV GIT_COMMIT_TIMESTAMP=$(git log -1 --format=%cd --date=iso-strict)" >> Dockerfile
|
|
- cat Dockerfile
|
|
- name: docker
|
|
image: harbor.k-space.ee/k-space/drone-kaniko
|
|
settings:
|
|
repo: ${DRONE_REPO}
|
|
tags: latest-arm64
|
|
registry: harbor.k-space.ee
|
|
username:
|
|
from_secret: docker_username
|
|
password:
|
|
from_secret: docker_password
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-amd64
|
|
platform:
|
|
arch: amd64
|
|
os: linux
|
|
node_selector:
|
|
kubernetes.io/arch: amd64
|
|
steps:
|
|
- name: submodules
|
|
image: alpine/git
|
|
commands:
|
|
- touch .gitmodules
|
|
- sed -i -e 's/git@git.k-space.ee:/https:\\/\\/git.k-space.ee\\//g' .gitmodules
|
|
- git submodule update --init --recursive
|
|
- echo "ENV GIT_COMMIT=$(git rev-parse HEAD)" >> Dockerfile
|
|
- echo "ENV GIT_COMMIT_TIMESTAMP=$(git log -1 --format=%cd --date=iso-strict)" >> Dockerfile
|
|
- cat Dockerfile
|
|
- name: docker
|
|
image: harbor.k-space.ee/k-space/drone-kaniko
|
|
settings:
|
|
repo: ${DRONE_REPO}
|
|
tags: latest-amd64
|
|
registry: harbor.k-space.ee
|
|
storage_driver: vfs
|
|
username:
|
|
from_secret: docker_username
|
|
password:
|
|
from_secret: docker_password
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: manifest
|
|
steps:
|
|
- name: manifest
|
|
image: plugins/manifest
|
|
settings:
|
|
target: ${DRONE_REPO}:latest
|
|
template: ${DRONE_REPO}:latest-ARCH
|
|
platforms:
|
|
- linux/amd64
|
|
- linux/arm64
|
|
username:
|
|
from_secret: docker_username
|
|
password:
|
|
from_secret: docker_password
|
|
depends_on:
|
|
- build-amd64
|
|
- build-arm64
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: gitlint
|
|
steps:
|
|
- name: gitlint
|
|
image: harbor.k-space.ee/k-space/gitlint-bundle
|
|
# https://git.k-space.ee/k-space/gitlint-bundle
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: flake8
|
|
steps:
|
|
- name: flake8
|
|
image: harbor.k-space.ee/k-space/flake8-bundle
|
|
# https://git.k-space.ee/k-space/flake8-bundle
|
|
```
|