Add Kubernetes manifests for Drone application including PVC, RBAC, Service, Deployment, and SealedSecret

cluster/apps/drone/drone-pvc.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: longhorn-drone
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi

cluster/apps/drone/drone-rbac.yml

@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: default
+  name: drone
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - create
+  - delete
+  - list
+  - watch
+  - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: default
+roleRef:
+  kind: Role
+  name: drone
+  apiGroup: rbac.authorization.k8s.io

cluster/apps/drone/drone-svc.yml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: drone-server-service
+  namespace: default
+spec:
+  selector:
+    app.kubernetes.io/name: drone
+  type: LoadBalancer
+  ports:
+  - port: 4338
+    targetPort: 443
+    protocol: TCP

cluster/apps/drone/drone.yml

@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone
+  labels:
+    app.kubernetes.io/name: drone
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: drone
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: drone
+    spec:
+      initContainers:
+        - name: wait-for-gitea
+          image: busybox
+          command:
+          - sh
+          - -c
+          - |
+            while ! nc -z gitea-int-service 3000; do
+              echo "Waiting for Gitea to be ready..."
+              sleep 5
+            done
+            echo "Gitea is ready!"
+        - name: drone-server
+          image: drone/drone:2
+          restartPolicy: Always
+          env:
+          - name: DRONE_GITEA_SERVER
+            value: "https://gitea-int-service:3000"
+          - name: DRONE_GITEA_CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: drone-gitea-secrets
+                key: client_id
+          - name: DRONE_GITEA_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: drone-gitea-secrets
+                key: client_secret
+          - name: DRONE_RPC_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: drone-gitea-secrets
+                key: rpc_secret
+          - name: DRONE_SERVER_HOST
+            value: "drone-server-service:4338"
+          - name: DRONE_SERVER_PROTO
+            value: "http"
+          volumeMounts:
+          - name: drone-data
+            mountPath: /data
+      containers:
+      - name: drone-runner
+        image: drone/drone-runner-kube:latest
+        env:
+        - name: DRONE_RPC_SERVER
+          value: "http://drone-server-service:4338"
+        - name: DRONE_RPC_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: drone-gitea-secrets
+              key: rpc_secret
+        - name: DRONE_RPC_HOST
+          value: "drone-server-service:4338"
+        - name: DRONE_RPC_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: drone-gitea-secrets
+              key: rpc_secret
+      volumes:
+      - name: drone-data
+        persistentVolumeClaim:
+          claimName: longhorn-drone