apiVersion: apps/v1
kind: Deployment
metadata:
name: drone
labels:
app: drone
component: web
app.kubernetes.io/name: drone
app.kubernetes.io/instance: drone
annotations:
ignore-check.kube-linter.io/run-as-non-root: "Not yet implemented"
spec:
selector:
matchLabels:
app: drone
component: web
template:
metadata:
labels:
app: drone
component: web
app.kubernetes.io/name: drone
app.kubernetes.io/instance: drone
spec:
containers:
- name: drone
image: drone/drone:2
imagePullPolicy: IfNotPresent
ports:
- name: http
protocol: TCP
containerPort: 80
env:
# Limit users permitted to use Drone, to prevent bitcoin mining :-/
- name: DRONE_USER_FILTER
value: rob
- name: DRONE_DATABASE_DRIVER
value: postgres
- name: DRONE_DATABASE_DATASOURCE
valueFrom:
secretKeyRef:
name: drone-credentials
key: database-url
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: drone-credentials
key: gitea-client-id
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: drone-credentials
key: gitea-client-secret
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: drone-credentials
key: rpc-secret
- name: DRONE_GITEA_SERVER
valueFrom:
configMapKeyRef:
name: drone-config
key: gitea-server
- name: DRONE_SERVER_HOST
valueFrom:
configMapKeyRef:
name: drone-config
key: server-host
- name: DRONE_SERVER_PROTO
valueFrom:
configMapKeyRef:
name: drone-config
key: server-proto
- name: DRONE_LOGS_DEBUG
valueFrom:
configMapKeyRef:
name: drone-config
key: logs-debug
- name: DRONE_MAX_POOL_SIZE
value: "1"
resources:
requests:
memory: "32Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "250m"
securityContext:
readOnlyRootFilesystem: true
livenessProbe:
failureThreshold: 10
httpGet:
path: /healthz
port: 80
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10