
DroneCI in Kubernetes

namespace.yaml

yaml
# Namespace used by every Drone resource on this page: the server, its Secret,
# the runner, and (through DRONE_NAMESPACE_DEFAULT in the runner ConfigMap)
# pipeline pods by default.
apiVersion: v1
kind: Namespace
metadata:
  name: common

drone-server-deployment.yaml

yaml
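# PersistentVolume that backs the Drone server's /data mount through drone-pvc.
# PersistentVolumes are cluster-scoped, so metadata.namespace is not set here.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: drone-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  # Retain keeps the host directory and its contents after the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  # Reserve this volume for drone-pvc so that no other claim can bind to it.
  claimRef:
    namespace: common
    name: drone-pvc
  hostPath:
    # Change this path to suit your node. hostPath data lives on one node only,
    # and this directory holds the server's database, so restrict access to it
    # on the host.
    path: /root/kubernetes/common/droneci/data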
---
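# Claim mounted by the drone-server Deployment at /data.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: drone-pvc
  namespace: common
spec:
  # An empty class turns off dynamic provisioning, so a cluster-default
  # StorageClass cannot satisfy this claim in place of the drone-pv volume.
  storageClassName: ""
  # Bind to the pre-created hostPath volume by name.
  volumeName: drone-pv
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi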
---
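# Non-secret settings for the Drone server, loaded by the Deployment via envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: drone-env
  namespace: common
data:
  # Gitee endpoints, left commented out:
  # DRONE_GITEE_SERVER: "https://gitee.com"
  # DRONE_GITEE_API_SERVER: "https://gitee.com/api/v5"
  DRONE_SERVER_PROTO: "https"
  # Set this to your own domain. The container only exposes port 80, so
  # whatever fronts the Service (not shown on this page) has to terminate TLS.
  DRONE_SERVER_HOST: "your.domain.com"
  # Replace yourusername with your Gitee user name; this account is created
  # as an administrator.
  DRONE_USER_CREATE: "username:yourusername,admin:true"
  # Your Gitee user name. This limits who can register on the server, so do
  # not leave the placeholder in place.
  DRONE_USER_FILTER: "yourusername"
  DRONE_LOGS_TRACE: "false"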
---
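# Gitee OAuth credentials for the server and the RPC secret shared with the
# runner. Fill in all three values before applying, and keep the filled-in
# file out of version control.
# Values under `data` must be base64-encoded; use `stringData` instead if you
# prefer to write them as plain text.
# Base64 is an encoding, not encryption: any account that can read Secrets in
# the `common` namespace can recover these values.
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: common
type: Opaque
data:
  # Client ID of the Gitee OAuth application (base64-encoded).
  DRONE_GITEE_CLIENT_ID: ""
  # Client secret of the Gitee OAuth application (base64-encoded).
  DRONE_GITEE_CLIENT_SECRET: ""
  # Shared secret that authenticates the runner to the server (base64-encoded).
  # Use a long random value, for example the output of `openssl rand -hex 16`.
  DRONE_RPC_SECRET: ""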
---
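# Drone server: one replica that keeps its state on the drone-pvc volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-server
  namespace: common
spec:
  replicas: 1
  # Stop the old pod before starting its replacement. The default rolling
  # update would briefly run two server pods against the same database
  # volume.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: drone-server
  template:
    metadata:
      labels:
        app: drone-server
    spec:
      containers:
        - name: drone-server
          image: drone/drone:2.25.0
          imagePullPolicy: Always
          # NOTE(review): no securityContext, resource limits or probes are set
          # for this container; confirm what the image tolerates before adding
          # them.
          ports:
            - containerPort: 80
          volumeMounts:
            - name: drone-server-sqlite-db
              mountPath: /data
          # Non-secret settings come from the ConfigMap as a whole.
          envFrom:
            - configMapRef:
                name: drone-env
          # Secret values are injected key by key from drone-secrets, so they
          # never appear in the ConfigMap.
          env:
            - name: DRONE_GITEE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_GITEE_CLIENT_ID
            - name: DRONE_GITEE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_GITEE_CLIENT_SECRET
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_RPC_SECRET
      volumes:
        - name: drone-server-sqlite-db
          persistentVolumeClaim:
            claimName: drone-pvc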
---
# In-cluster Service for the Drone server. ClusterIP keeps it reachable only
# from inside the cluster; the runner connects to it by its DNS name, and any
# external exposure has to come from a resource not shown on this page.
apiVersion: v1
kind: Service
metadata:
  name: drone-service
  namespace: common
spec:
  selector:
    app: drone-server
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP

drone-runner-deployment.yaml

yaml
# Drone Kubernetes runner: connects to the server over RPC and acts in the
# cluster with the permissions bound to drone-runner-sa.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drone-runner
  namespace: common
  labels:
    app: drone-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drone-runner
  template:
    metadata:
      labels:
        app: drone-runner
    spec:
      serviceAccountName: drone-runner-sa # use a dedicated ServiceAccount
      containers:
        - name: runner
          # NOTE(review): this tag is a release candidate (rc.3); confirm it is
          # the version you intend to run.
          image: drone/drone-runner-kube:1.0.0-rc.3
          envFrom:
            - configMapRef:
                name: drone-runner-env
          # Same shared secret the server reads, taken from drone-secrets.
          env:
            - name: DRONE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: drone-secrets
                  key: DRONE_RPC_SECRET
          resources: # resource requests and limits
            requests:
              cpu: "1000m"
              memory: "1Gi"
            limits:
              cpu: "2000m"
              memory: "2Gi"
---
# Non-secret settings for the runner, loaded by its Deployment via envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: drone-runner-env
  namespace: common
data:
  # Runner-to-server RPC uses plain HTTP to the in-cluster Service name; the
  # connection is authenticated by DRONE_RPC_SECRET but not encrypted.
  DRONE_RPC_PROTO: "http"
  DRONE_RPC_HOST: "drone-service.common.svc.cluster.local"
  # NOTE(review): this is the namespace that also holds drone-secrets, so
  # pipeline pods run next to the server's credentials by default. Consider
  # a dedicated pipeline namespace.
  DRONE_NAMESPACE_DEFAULT: "common"
  DRONE_RUNNER_CAPACITY: "2"
  DRONE_RUNNER_NAME: "drone-runner"
---
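# Permissions for the runner's ServiceAccount inside the `common` namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone-runner-role
  namespace: common
rules:
  # The empty string selects the core API group.
  - apiGroups:
      - ""
    resources:
      - secrets
    # The read verbs (get, list, watch) are left out. With them the runner's
    # account could read every Secret in this namespace, drone-secrets
    # included. The runner's documented Role asks only for create and delete
    # here; re-add a verb only if the runner logs a matching "forbidden"
    # error.
    verbs:
      - create
      - delete
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - get
      - create
      - delete
      - list
      - watch
      - update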
---
# Grants drone-runner-role to the runner's ServiceAccount within `common`.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone-runner-binding
  namespace: common
subjects:
  - kind: ServiceAccount
    name: drone-runner-sa
    namespace: common
# A RoleBinding resolves roleRef to a Role in its own namespace (`common`).
roleRef:
  kind: Role
  name: drone-runner-role
  apiGroup: rbac.authorization.k8s.io
---
# Dedicated identity for the runner pod (referenced by serviceAccountName in
# the drone-runner Deployment), so its permissions are limited to what the
# RoleBindings on this page grant.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-runner-sa
  namespace: common
---
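# A RoleBinding can only reference a Role in its own namespace, and the page
# defines drone-runner-role in `common` only. Without a Role of that name in
# `job-application`, the binding below would grant nothing, so the Role is
# declared here as well.
# The `job-application` namespace is not created by any manifest on this page;
# it must exist before these are applied.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: drone-runner-role
  namespace: job-application
rules:
  # The empty string selects the core API group.
  - apiGroups:
      - ""
    resources:
      - secrets
    # Only create and delete: read verbs would let the runner's account read
    # every Secret in this namespace. Re-add a verb only if the runner logs a
    # matching "forbidden" error.
    verbs:
      - create
      - delete
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - get
      - create
      - delete
      - list
      - watch
      - update
---
# Lets the runner's ServiceAccount (which lives in `common`) act in the
# `job-application` namespace with the Role above.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drone-runner-binding
  namespace: job-application
subjects:
  - kind: ServiceAccount
    name: drone-runner-sa
    namespace: common
roleRef:
  kind: Role
  name: drone-runner-role
  apiGroup: rbac.authorization.k8s.io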