diff --git a/.drone.yml b/.drone.yml
index 714c433..929e4da 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,7 +1,7 @@
 ---
 kind: pipeline
 type: docker
-name: Build
+name: Publish
 platform:
 os: linux
@@ -17,18 +17,19 @@ steps:
 username:
 from_secret: GITHUB_USERNAME
 password:
- from_secret: GITHUB_PASSWORD
+ from_secret: GHCR_UPLOAD_TOKEN
 tags:
 - latest
 - ${DRONE_COMMIT_SHA}
- when:
- event:
- include:
- - push
- exclude:
- - pull_request
- branch:
- - main
+
+trigger:
+ event:
+ include:
+ - push
+ exclude:
+ - pull_request
+ branch:
+ - main
 ---
 kind: pipeline
@@ -40,26 +41,64 @@ platform:
 arch: amd64
 steps:
- - name: Deploy to kubernetes
+ - name: Prepare kubernetes environment
 image: alpine/k8s:1.25.15
 commands:
 - mkdir -p /root/.kube
- - echo $KUBE_CONFIG | base64 -di > /root/.kube/config
- - export IMAGE=ghcr.io/kevinmidboe/cloudflare-ddns:${DRONE_COMMIT_SHA}
+ - echo "NAMESPACE=${DRONE_REPO_NAME}" > /root/.kube/variables.env
+ - 'curl -s
+ -H "X-Vault-Token: $VAULT_TOKEN"
+ $VAULT_HOST/v1/schleppe/data/kazan/_infra
+ | jq -r ".data.data.KUBE_CONFIG" > /root/.kube/config'
+ - 'curl -s
+ -H "X-Vault-Token: $VAULT_TOKEN"
+ $VAULT_HOST/v1/schleppe/data/kazan/_infra
+ | jq -r ".data | .data | .[\"ghcr-login-secret\"]" > /root/.kube/dockerconfig.json'
+ - 'curl -s
+ -H "X-Vault-Token: $VAULT_TOKEN"
+ $VAULT_HOST/v1/schleppe/data/kazan/${DRONE_REPO_NAME}
+ | jq -cr ".data.data | to_entries[] | .key + \"=\" + (.value | @base64)" >> /root/.kube/variables.env'
+ environment:
+ VAULT_TOKEN:
+ from_secret: VAULT_TOKEN
+ VAULT_HOST:
+ from_secret: VAULT_HOST
+ volumes:
+ - name: kube-config
+ path: /root/.kube
+
+ - name: Deploy to kubernetes
+ image: alpine/k8s:1.25.15
+ commands:
+ - export DOCKER_CONFIG_BASE64=$(cat /root/.kube/dockerconfig.json | tr -d "\n\t " | base64 -w 0)
+ - export IMAGE="ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}"
+ - sed -i '/^$/!s/^/export /' /root/.kube/variables.env
+ - source /root/.kube/variables.env > /dev/null 2>&1
 - cat .kubernetes/*.yml | envsubst | kubectl --kubeconfig=/root/.kube/config apply -f -
- environment:
- KUBE_CONFIG:
- from_secret: KUBE_CONFIG
- when:
- event:
- include:
- - push
- exclude:
- - pull_request
- branch:
- - main
+ volumes:
+ - name: kube-config
+ path: /root/.kube
+
+trigger:
+ event:
+ include:
+ - push
+ exclude:
+ - pull_request
+ branch:
+ - main
 depends_on:
- - Build
+ - Publish
+
+volumes:
+- name: kube-config
+ temp: {}
+
+---
+kind: signature
+hmac: 4b290c54b9fb5f4951a6501ce97c14ffb79fd57464547e4dda75560ed0d57e7c
+
+...
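Review bot: The three `curl -s` calls in the new Prepare kubernetes environment step never fail on an HTTP error, so a denied or missing Vault path makes `jq -r ".data.data.KUBE_CONFIG"` print `null` with exit status 0 and the step writes the literal `null` into /root/.kube/config, which only surfaces as a confusing kubectl error in the next step; `curl -sSf` (or `--fail-with-body`) on each of the three lines makes the step stop at the fetch instead. The `_infra` secret is also fetched twice for two fields of the same response; saving one response to a file and running both jq filters on it halves the token use. In the Deploy step, `source /root/.kube/variables.env > /dev/null 2>&1` hides any error from the generated file, and `tr -d "\n\t "` also deletes spaces inside JSON string values of dockerconfig.json, where `jq -c .` would compact it without touching the values.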
diff --git a/.kubernetes/1-secret.yml b/.kubernetes/1-secret.yml
new file mode 100644
index 0000000..53386e0
--- /dev/null
+++ b/.kubernetes/1-secret.yml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: secret-env-values
+ namespace: cloudflare-ddns
+data:
+ DDNS_ZONE: ${DDNS_ZONE}
+ API_KEY: ${API_KEY}
diff --git a/.kubernetes/cronjob.yml b/.kubernetes/cronjob.yml
index b2d95b6..760cac6 100644
--- a/.kubernetes/cronjob.yml
+++ b/.kubernetes/cronjob.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
diff --git a/.kubernetes/ghcr-token-secret.yml b/.kubernetes/ghcr-token-secret.yml
new file mode 100644
index 0000000..0165555
--- /dev/null
+++ b/.kubernetes/ghcr-token-secret.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ghcr-login-secret
+ namespace: ${NAMESPACE}
+data:
+ .dockerconfigjson: ${DOCKER_CONFIG_BASE64}
+type: kubernetes.io/dockerconfigjson
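Review bot: `namespace: cloudflare-ddns` is hard-coded in the new 1-secret.yml while the new ghcr-token-secret.yml in the same commit uses `namespace: ${NAMESPACE}`, which the Deploy step derives from `DRONE_REPO_NAME`; if the two ever differ, the env Secret and the pull Secret land in different namespaces and the CronJob can only reference one of them. Using `namespace: ${NAMESPACE}` here keeps the two manifests consistent. The `data:` block also deserves a comment such as `# values arrive base64-encoded from the Drone prepare step (jq @base64) and are filled in by envsubst at apply time`, since a reader seeing `${DDNS_ZONE}` would otherwise expect `stringData:` for plain values and could wonder whether the encoding happens twice.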