kubernetes & drone CI files

.drone.yml

@@ -0,0 +1,127 @@
+---
+kind: pipeline
+type: docker
+name: Build
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: Install dependencies
+    image: node:22-alpine3.20
+    commands:
+      - yarn
+
+  - name: Lint project
+    image: node:22-alpine3.20
+    commands:
+      - yarn lint || true
+
+  - name: Build
+    image: node:22-alpine3.20
+    commands:
+      - yarn build
+
+---
+kind: pipeline
+type: docker
+name: Publish
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: Publish to ghcr
+    image: plugins/docker
+    settings:
+      registry: ghcr.io
+      repo: ghcr.io/kevinmidboe/${DRONE_REPO_NAME}
+      dockerfile: Dockerfile
+      username:
+        from_secret: GITHUB_USERNAME
+      password:
+        from_secret: GHCR_UPLOAD_TOKEN
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA}
+
+trigger:
+  event:
+    include:
+      - push
+    exclude:
+      - pull_request
+  branch:
+    - main
+
+depends_on:
+  - Build
+
+---
+kind: pipeline
+type: docker
+name: Deploy
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: Prepare kubernetes environment
+    image: alpine/k8s:1.25.15
+    environment:
+      VAULT_TOKEN:
+        from_secret: VAULT_TOKEN
+      VAULT_HOST:
+        from_secret: VAULT_HOST
+    commands:
+      - mkdir -p /root/.kube
+      - echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env
+      - echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env
+      - 'curl -s
+        -H "X-Vault-Token: $VAULT_TOKEN"
+        $VAULT_HOST/v1/schleppe/data/kazan/_infra
+        | jq -r ".data.data.KUBE_CONFIG" > /root/.kube/config'
+      - 'curl -s
+        -H "X-Vault-Token: $VAULT_TOKEN"
+        $VAULT_HOST/v1/schleppe/data/kazan/_infra
+        | jq -cr ".data.data | .[\"ghcr-login-secret\"] | @base64" > /root/.kube/dockerconfig.json'
+      - echo "DOCKER_CONFIG=$(cat /root/.kube/dockerconfig.json)" >> /root/.kube/.env
+      - 'curl -s
+        -H "X-Vault-Token: $VAULT_TOKEN"
+        $VAULT_HOST/v1/schleppe/data/kazan/${DRONE_REPO_NAME}
+        | jq -cr ".data.data | to_entries[] | .key + \"=\" + (.value | @base64)" >> /root/.kube/.env'
+      - sed -i '/^$/!s/^/export /' /root/.kube/.env
+    volumes:
+      - name: kube-config
+        path: /root/.kube
+
+  - name: Deploy to kubernetes
+    image: alpine/k8s:1.25.15
+    commands:
+      - source /root/.kube/.env > /dev/null 2>&1
+      - cat .kubernetes/*.yml
+        | envsubst
+        | kubectl --kubeconfig=/root/.kube/config apply -f -
+    volumes:
+      - name: kube-config
+        path: /root/.kube
+
+trigger:
+  event:
+    include:
+      - push
+    exclude:
+      - pull_request
+  branch:
+    - main
+
+depends_on:
+  - Build
+  - Publish
+
+volumes:
+  - name: kube-config
+    temp: {}

.kubernetes/0-namespace.yml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${NAMESPACE}

.kubernetes/1-secret.yml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: secret-env-values
+  namespace: ${NAMESPACE}
+data:
+  PROXMOX_URL: ${PROXMOX_URL}
+  PROXMOX_TOKEN: ${PROXMOX_TOKEN}
+  HOMEASSISTANT_URL: ${HOMEASSISTANT_URL}
+  HOMEASSISTANT_TOKEN: ${HOMEASSISTANT_TOKEN}
+  TRAEFIK_URL: ${TRAEFIK_URL}

.kubernetes/deployment.yml

@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    deployment.kubernetes.io/revision: '1'
+  labels:
+    app: infra-map
+  name: infra-map
+  namespace: ${NAMESPACE}
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 2
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: infra-map
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: infra-map
+    spec:
+      containers:
+        - image: ${IMAGE}
+          imagePullPolicy: IfNotPresent
+          name: infra-map
+          envFrom:
+            - secretRef:
+                name: secret-env-values
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always

.kubernetes/ghcr-token-secret.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ghcr-login-secret
+  namespace: ${NAMESPACE}
+data:
+  .dockerconfigjson: ${DOCKER_CONFIG}
+type: kubernetes.io/dockerconfigjson

.kubernetes/ingress.yml

@@ -0,0 +1,19 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: infra-map-ingress
+  namespace: ${NAMESPACE}
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: infra.kazan.schleppe.cloud
+      http:
+        paths:
+          - backend:
+              service:
+                name: infra-map-service
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix

.kubernetes/service.yml

@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: infra-map
+  name: infra-map-service
+  namespace: ${NAMESPACE}
+spec:
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 3000
+  selector:
+    app: infra-map
+  sessionAffinity: None
+  type: ClusterIP
+status:
+  loadBalancer: {}