diff --git a/.drone.yml b/.drone.yml index da4764b..ad4b9c9 100644 --- a/.drone.yml +++ b/.drone.yml @@ -2,7 +2,6 @@ kind: pipeline type: docker name: default -service_account_name: dronesome-app steps: - name: lint 
@@ -11,56 +10,32 @@ steps: - pip3 install yamllint==1.29.0 - yamllint . - # yamllint disable rule:line-length - # - name: deploy - # image: alpine/k8s:1.31.2 - # environment: - # CACRT: - # from_secret: clusterprism_some-app_kubernetes_ca_cert - # TOKEN: - # from_secret: clusterprism_some-app_kubernetes_token - # # yamllint disable rule:line-length - # commands: - # - kubectl config set-cluster clusterprism --server=https://192.168.1.201:6443 - # - kubectl config set-credentials drone-some-app --token=$TOKEN - # - kubectl config set-context clusterprism --user=drone-some-app --cluster=clusterprism - # - kubectl config use-context clusterprism - # - echo $CACRT > cacert.pem - # - kubectl config set-context clusterprism --certificate-authority=cacert.pem - # - kubectl config set clusters.clusterprism.insecure-skip-tls-verify true - # - helm repo add bjw-s https://bjw-s.github.io/helm-charts - # - helm upgrade some-app --install bjw-s/app-template -n localassist -f clusterprism_some-app_values.yaml --version 3.6.1 - # # yamllint enable rule:line-length - # when: - # branch: - # - main - # yamllint enable rule:line-length - - - # yamllint disable rule:line-length - # - name: rawkubectl - # image: alpine/k8s:1.31.2 - # environment: - # CACRT: - # from_secret: clusterprism_some-app_ca_cert - # TOKEN: - # from_secret: clusterprism_some-app_kubernetes_token - # commands: - # - 'kubectl config set-cluster clusterprism - # --server=https://192.168.1.201:6443' - # - kubectl config set-credentials dronesome-app --token=$TOKEN - # - 'kubectl config set-context clusterprism - # --user=dronesome-app --cluster=clusterprism' - # - kubectl config use-context clusterprism - # - echo $CACRT > cacert.pem - # - 'kubectl config set-context clusterprism - # --certificate-authority=cacert.pem' - # - kubectl config set clusters.clusterprism.insecure-skip-tls-verify true - # - kubectl apply -f raw_kubectl/manifest.yml - # when: - # branch: - # - main - # yamllint enable rule:line-length- 
name: rawkubectl + - name: deploy + image: alpine/k8s:1.31.2 + environment: + CACRT: + from_secret: clusterprism_halloween_kubernetes_ca_cert + TOKEN: + from_secret: clusterprism_halloween_kubernetes_token + commands: + - kubectl config set-cluster clusterprism --server=https://192.168.1.201:6443 + - kubectl config set-credentials drone-halloween --token=$TOKEN + - | + kubectl config set-context clusterprism --user=drone-halloween + --cluster=clusterprism + - kubectl config use-context clusterprism + - echo $CACRT > cacert.pem + - | + kubectl config set-context clusterprism + --certificate-authority=cacert.pem + - kubectl config set clusters.clusterprism.insecure-skip-tls-verify true + - helm repo add bjw-s https://bjw-s.github.io/helm-charts + - | + helm upgrade halloween-static-site --install onechart/static-site + -n halloween -f clusterprism_halloween_values.yaml + when: + branch: + - main - name: notify image: plugins/webhook diff --git a/clusterprism_halloween_values.yaml b/clusterprism_halloween_values.yaml new file mode 100644 index 0000000..c04f95f --- /dev/null +++ b/clusterprism_halloween_values.yaml 
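Review bot: The new `deploy` step sets `insecure-skip-tls-verify true` on the cluster entry, so kubectl and helm send the service-account token to `https://192.168.1.201:6443` without verifying the API server certificate. The CA from `CACRT` is passed to `set-context`, which as far as I can tell does not record it on the cluster entry. Passing `--certificate-authority=cacert.pem` to `set-cluster` and dropping the insecure line restores verification. `echo $CACRT` should quote the variable so a multi-line PEM is not flattened by word splitting (this assumes the secret holds a PEM). The three `- |` entries are literal block scalars that keep their newlines, so each continuation line (`--cluster=…`, `--certificate-authority=…`, `-n halloween -f …`) would likely run as its own shell command; `>-` folds each into one command. Separately, only the `bjw-s` repo is added while the chart is `onechart/static-site`, and the chart no longer has a `--version` pin.

```yaml
    commands:
      # Write the CA with its newlines intact so the API server cert is verified.
      - printf '%s\n' "$CACRT" > cacert.pem
      - >-
        kubectl config set-cluster clusterprism
        --server=https://192.168.1.201:6443
        --certificate-authority=cacert.pem
      - kubectl config set-credentials drone-halloween --token="$TOKEN"
      - >-
        kubectl config set-context clusterprism
        --user=drone-halloween --cluster=clusterprism
      - kubectl config use-context clusterprism
      # … unchanged: helm repo add …
      - >-
        helm upgrade halloween-static-site --install onechart/static-site
        -n halloween -f clusterprism_halloween_values.yaml
```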
@@ -0,0 +1,47 @@
+---
+podSecurityContext:
+ runAsUser: 2000
+ runAsGroup: 2000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ runAsNonRoot: true
+
+securityContext:
+ privileged: false
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: "RuntimeDefault"
+
+ingress:
+ host: halloween.dajeffers.com
+ ingressClassName: nginx
+ tlsEnabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-cloudflare-prod
+
+resources:
+ requests:
+ cpu: null
+ memory: 200Mi
+ limits:
+ cpu: 200m
+ memory: 200Mi
+
+# values to build and deploy static sites
+gitCloneUrl: ssh://git@git.sadmin.pro:2222/DaJeffers/halloween.dajeffers.com.git
+buildScript: |
+ # !/usr/bin/env bash
+ # pre -reqs
+ apt-get update && apt-get install -y wget
+ # Setting up Hugo
+ wget https://github.com/gohugoio/hugo/releases/download/v0.145.0/hugo_0.145.0_linux-arm64.tar.gz &&
+ tar -xzf hugo_0.145.0_linux-arm64.tar.gz &&
+ chmod +x hugo
+ ./hugo
+
+vars:
+ TZ: 'America/New_York'
diff --git a/clusterprism_helm_values.yaml b/clusterprism_helm_values.yaml
deleted file mode 100644
index 3399f1f..0000000
--- a/clusterprism_helm_values.yaml
+++ /dev/null
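Review bot: The `buildScript` downloads the Hugo tarball and executes the extracted binary without checking its integrity, so whatever the URL serves at build time runs with access to the cloned site. Pinning the digest right after the `wget` line, e.g. `echo "<SHA256_FROM_RELEASE_CHECKSUMS>  hugo_0.145.0_linux-arm64.tar.gz" | sha256sum -c - &&`, ties the build to the v0.145.0 artifact the URL names. The `apt-get` line is not chained to the rest and there is no `set -e`, so depending on how the chart invokes the script a failed package install may not stop the build. It may also fail outright if the script runs under the non-root `runAsUser: 2000` set above, which is worth confirming.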
@@ -1,62 +0,0 @@
----
-controllers:
- some-app:
- containers:
- app:
- securityContext:
- privileged: false
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: false
- capabilities:
- drop:
- - ALL
- seccompProfile:
- type: "RuntimeDefault"
- image:
- repository: some/image
- tag: latest
- args:
- - some
- - argument
- env:
- TZ: America/New_York
- probes: &probes
- liveness:
- enabled: true
- readiness:
- enabled: true
- startup:
- enabled: true
- spec:
- failureThreshold: 30
- periodSeconds: 5
- resources:
- limits:
- memory: 3Gi
- requests:
- cpu: 100m
- memory: 500Mi
- pod:
- securityContext:
- runAsUser: 568
- runAsGroup: 568
- fsGroup: 568
- fsGroupChangePolicy: "OnRootMismatch"
- runAsNonRoot: true
-
-service:
- app:
- controller: some-app
- ports:
- http:
- port: 42069
- protocol: TCP
-
-# -- Configure persistence settings for the chart under this key.
-persistence:
- config:
- type: persistentVolumeClaim
- accessMode: ReadWriteOnce
- size: 1Gi
- globalMounts:
- - path: /data