From a62c76a49b39afddd9fd967a952137bfbc1af73e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 18 May 2023 19:58:57 +0200 Subject: [PATCH] Migrate to docker runner --- .drone.yml | 13 ++++++++--- badhouseplants/helmfile.yaml | 5 +++++ ...decrypted~secrets.drone-runner-docker.yaml | 2 ++ .../values/secrets.drone-runner-docker.yaml | 22 +++++++++++++++++++ .../values/secrets.drone-runner-kube.yaml | 7 +++--- badhouseplants/values/secrets.drone.yaml | 5 +++-- .../values/values.drone-runner-docker.yaml | 12 ++++++++++ .../values/values.drone-runner-kube.yaml | 3 +-- badhouseplants/values/values.drone.yaml | 1 - releases.yaml | 19 ++++++++++++++-- 10 files changed, 76 insertions(+), 13 deletions(-) create mode 100644 badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml create mode 100644 badhouseplants/values/secrets.drone-runner-docker.yaml create mode 100644 badhouseplants/values/values.drone-runner-docker.yaml diff --git a/.drone.yml b/.drone.yml index f9f0b9c..8d814bf 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,8 +3,11 @@ # -- Helmfile diff changes # ---------------------------------------------- kind: pipeline -type: kubernetes +type: docker name: Show helmfile diffs +platform: + os: linux + arch: amd64 trigger: branch: @@ -43,9 +46,13 @@ steps: # -- Helmfile apply changes # ---------------------------------------------- kind: pipeline -type: kubernetes +type: docker name: Apply helmfile changes +platform: + os: linux + arch: amd64 + trigger: branch: - main @@ -82,7 +89,7 @@ steps: # -- Check da helm pipeline # ---------------------------------------------- kind: pipeline -type: kubernetes +type: docker name: Check helmfiles trigger: event: diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 7d85357..9544105 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -12,6 +12,11 @@ releases: namespace: drone-service createNamespace: false + - <<: *drone-runner-docker + installed: true + namespace: drone-service + createNamespace: false + - <<: *longhorn installed: true namespace: longhorn-system diff --git a/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml new file mode 100644 index 0000000..d63f3e6 --- /dev/null +++ b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml @@ -0,0 +1,2 @@ +env: + DRONE_RPC_SECRET: qwFYt9UNsZeBhJ9RG5h6dKaKza8kMD diff --git a/badhouseplants/values/secrets.drone-runner-docker.yaml b/badhouseplants/values/secrets.drone-runner-docker.yaml new file mode 100644 index 0000000..eb18677 --- /dev/null +++ b/badhouseplants/values/secrets.drone-runner-docker.yaml @@ -0,0 +1,22 @@ +env: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 + Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi + aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ + em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh + DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-21T09:27:21Z" + mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/secrets.drone-runner-kube.yaml b/badhouseplants/values/secrets.drone-runner-kube.yaml index 67c1c78..cc83446 100644 --- a/badhouseplants/values/secrets.drone-runner-kube.yaml +++ b/badhouseplants/values/secrets.drone-runner-kube.yaml @@ -1,5 +1,6 @@ env: - DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:6vsbRkd6DbWKf6qPPtfmv14cvKc=,iv:PPlH4m+SyMNNo/bV5/hpW2CZPGwxNKwO3RzY5RPOu5w=,tag:BGEf82OvMjDQvKe078/Fkg==,type:str] + DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:wqUNt9o/+7fan2wxSfZjb4X3Ogk=,iv:IMc/dxu+ZN+PcbBMz+Z5J2JOAR3a6fuCdCx8XPtop4k=,tag:AryXmU1xrSCfAzZehvGvYg==,type:str] + DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +16,8 @@ sops: em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T11:56:50Z" - mac: ENC[AES256_GCM,data:5U/D1hI+3zulh0UuuBv/oGAU8Bz5hpWvLCxUSCQbPSOW08S2jBiyDEdDJH7g0/y1xQkd3xJYLzJ7ccWx98j+0QJ+HOzcUF1Hwro6Zl0GSw8D4xvIeulHwwM6MBJGtOanbSHjeJ6Qyqf/tM5bF9GXpDblrNOXrnhvGOHj2GkzstU=,iv:AWAn3hAUEs8mbproV0M5EJyKddfNmUrI0ouIjvh1fEE=,tag:bFIQa/v4CaDx4RAJ7aHjeg==,type:str] + lastmodified: "2023-05-21T09:07:35Z" + mac: ENC[AES256_GCM,data:4MIzNp44+5zPPOhiq5elk5JIrpVeiDG8/aYXxh9Xoch4f5L4omywoXk9znRVwXlaaL2FVS0RnOXvUrmWagdX0f5LTDE0WoThXIgL2YRayHEAISW8uu+auaLIE5qPT7rEI/JLHQhdSuczVYLNj3P2jOKK7XPAuV2E/65DXkvESGk=,iv:0OuRk8Ur+aU33DXn9KPIv+qW8RU/q0599AVRduQS2rQ=,tag:G7ygruy60cuDKgJFB3uoGQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.drone.yaml b/badhouseplants/values/secrets.drone.yaml index b7c56eb..82877c3 100644 --- a/badhouseplants/values/secrets.drone.yaml +++ b/badhouseplants/values/secrets.drone.yaml @@ -1,4 +1,5 @@ env: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:W1OAxQIUbVU8uYHtxujhPyww4jscNH4LwMAGOU5v,iv:ouToTniIMiy757x40MKMtmLFBVzpuGxSYOTMZmmN8ck=,tag:RZ/cb7cRXDQSAQwGqdX+zw==,type:str] DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:7Ohn3nGR9VeIhAr9EdW1/juRFo3TXpKIwU07hD8mGoyBrbyn,iv:9/y3Ou8H/PL2hMsirJaqviKGQuzVlzL43iGAKQb9NII=,tag:EZoo2F4/HoOcacWOVU9yjA==,type:str] DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:2wAbiSJdDb5lGUOocK14pZtwQI0EFmXGStAigKsPGAZUKyn7M0B6xBO1+B3wZYVnIKEohiNIZF7k,iv:Y9aCzdSH5cAIZfk84Clto/IrQMRaoH+bOkvbP+9CcLM=,tag:FVfLsEA56WGNCl/8ut4F/Q==,type:str] sops: @@ -16,8 +17,8 @@ sops: QStxOG1iMWlxQ2dmOXRabXp4cm9NSU0K/+CRAc7DH4PgbQscXvDb7yLe8VoEpixr icD3GL37kYE2D4h1cm+p+/b7BF4/yjNlCUvo5cITXRjZAuiWGwUixQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-13T09:01:15Z" - mac: ENC[AES256_GCM,data:cHdSHMa5dJTMrQsDOvTAORHON3WlFVRApaajAoZ8QIWWxC1ZCNIyMp1NlgZ+vv1vY951+JsOu4WYJdfygMvCplSz2ughqWgPFvykKOCBGTLfEKxSagnxuxuDpJ3FT2zlzzUxLFSOg8iGgpxZc9mF28divlAem4POkGgWs+7s7tE=,iv:Zjx1Zscf6G4QyZJayJLktSg6kOCl3K32G7U41dL1RVQ=,tag:v3m/hIt5A4xe6R1G9b30cA==,type:str] + lastmodified: "2023-05-18T17:11:19Z" + mac: ENC[AES256_GCM,data:d9G44MW63rUa/MQaW/rLQQ4dlgOOje6qaS1V7yWT3HrkRLOXRCfuK5E+XeWC1PuQwMk0ghaNYJDT0FTnBsoJbxlu+7Vb91qlItn+azvldOFDvtGTRpAK7bPjM+p+G4/gZsgarFxaTh7py6Z/HsoqP1RvaK8GWNhRl7VfTiFuUrA=,iv:e4IXbSSiHMTPc3WijuwgF8L5aG5iMMfu6P/IYD2cp5A=,tag:aGqcqjjrO+PfYxfIAgSmeQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml new file mode 100644 index 0000000..0ce5ba2 --- /dev/null +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -0,0 +1,12 @@ +--- +env: + DRONE_RPC_HOST: drone.badhouseplants.net + DRONE_RPC_PROTO: https + DRONE_NAMESPACE_DEFAULT: drone-service + DRONE_RESOURCE_LIMIT_CPU: 300 + DRONE_RESOURCE_REQUEST_CPU: 100 + DRONE_RESOURCE_LIMIT_MEMORY: 2048Mi + DRONE_RESOURCE_REQUEST_MEMORY: 512Mi +rbac: + buildNamespaces: + - drone-service diff --git a/badhouseplants/values/values.drone-runner-kube.yaml b/badhouseplants/values/values.drone-runner-kube.yaml index 2589a1c..0ce5ba2 100644 --- a/badhouseplants/values/values.drone-runner-kube.yaml +++ b/badhouseplants/values/values.drone-runner-kube.yaml @@ -1,6 +1,5 @@ --- env: - DRONE_RPC_SECRET: drone-rpc-sec DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https DRONE_NAMESPACE_DEFAULT: drone-service @@ -10,4 +9,4 @@ env: DRONE_RESOURCE_REQUEST_MEMORY: 512Mi rbac: buildNamespaces: - - drone-service \ No newline at end of file + - drone-service diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml index c668910..6324ef8 100644 --- a/badhouseplants/values/values.drone.yaml +++ b/badhouseplants/values/values.drone.yaml @@ -14,6 +14,5 @@ istio: env: DRONE_SERVER_HOST: drone.badhouseplants.net DRONE_SERVER_PROTO: https - DRONE_RPC_SECRET: drone-rpc-sec DRONE_GITEA_SERVER: https://git.badhouseplants.net DRONE_USER_CREATE: username:allanger,admin:true diff --git a/releases.yaml b/releases.yaml index dd5536c..29989da 100644 --- a/releases.yaml +++ b/releases.yaml @@ -145,8 +145,12 @@ templates: inherit: - template: default-env-values - template: ext-istio-resource - - + # ---------------------------- + # -- Drone + # ---------------------------- + drone-common: + labels: + bundle: drone drone: &drone name: drone chart: drone/drone @@ -155,6 +159,7 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + - template: drone-common drone-runner-kube: &drone-runner-kube name: drone-runner-kube @@ -163,6 +168,16 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: drone-common + + drone-runner-docker: &drone-runner-docker + name: drone-runner-docker + chart: drone/drone-runner-docker + version: 0.6.1 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: drone-common nrodionov: &nrodionov name: nrodionov