Updated drone ci

NGINX_ING.md

@@ -0,0 +1,5 @@
+# Nginx Ingress Controller
+
+```shell
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml
+```

README.md

@@ -199,7 +199,7 @@ kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
 
 #### Kubernetes Dashboard
 ```shell
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
 ```
 - Proxy for kubernetes dashboard
 ```shell

drone-runner/deployment.yaml

@@ -1,11 +1,12 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  namespace: default
   name: drone
   labels:
     app.kubernetes.io/name: drone
 spec:
-  replicas: 1
+  replicas: 2
   selector:
     matchLabels:
       app.kubernetes.io/name: drone
@@ -15,14 +16,14 @@ spec:
         app.kubernetes.io/name: drone
     spec:
       containers:
-      - name: runner
+        - name: runner
-        image: drone/drone-runner-kube:latest
+          image: drone/drone-runner-kube:latest
-        ports:
+          ports:
-        - containerPort: 3000
+            - containerPort: 3000
-        env:
+          env:
-        - name: DRONE_RPC_HOST
+            - name: DRONE_RPC_HOST
-          value: dci.osa.cubetiqs.com
+              value: dci.cubetiqs.com
-        - name: DRONE_RPC_PROTO
+            - name: DRONE_RPC_PROTO
-          value: https
+              value: https
-        - name: DRONE_RPC_SECRET
+            - name: DRONE_RPC_SECRET
-          value: super-duper-secret
+              value: 1a6c2d8b6fac4bf9351e5149c39e7fc4

drone-runner/role.yaml

@@ -4,25 +4,25 @@ metadata:
   namespace: default
   name: drone
 rules:
-- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - secrets
+      - secrets
-  verbs:
+    verbs:
-  - create
+      - create
-  - delete
+      - delete
-- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - pods
+      - pods
-  - pods/log
+      - pods/log
-  verbs:
+    verbs:
-  - get
+      - get
-  - create
+      - create
-  - delete
+      - delete
-  - list
+      - list
-  - watch
+      - watch
-  - update
+      - update
 
 ---
 kind: RoleBinding
@@ -31,9 +31,9 @@ metadata:
   name: drone
   namespace: default
 subjects:
-- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: default
+    name: default
-  namespace: default
+    namespace: default
 roleRef:
   kind: Role
   name: drone

mysql/mysql-cluster.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mysql
+---
+apiVersion: mysql.oracle.com/v2alpha1
+kind: InnoDBCluster
+metadata:
+  name: mysql-cluster
+  namespace: mysql
+spec:
+  secretName: mysql-secret
+  instances: 3
+  router:
+    instances: 1

portainer.md

@@ -0,0 +1,6 @@
+# Install Portainer
+```shell
+helm install --create-namespace -n portainer portainer portainer/portainer \
+    --set service.type=LoadBalancer \
+    --set tls.force=true
+```

rbac/.gitignore

@@ -0,0 +1 @@
+developer-user.yaml

rbac/README.md

@@ -0,0 +1,74 @@
+# Create RBAC for specific namespace
+
+- Apply RBAC for specific namespace
+
+```shell
+k apply -f access.yaml
+```
+
+- Get Details of RBAC
+
+```shell
+k describe sa developer -n developer-dev
+```
+
+- Get Token from RBAC
+
+```shell
+k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data.token}" | base64 -d
+```
+
+- Get Certificate from RBAC
+
+```shell
+k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data['ca\.crt']}"
+```
+
+- Create kube config file
+
+```yaml
+apiVersion: v1
+kind: Config
+preferences: {}
+ cluster:
+      certificate-authority-data: PLACE CERTIFICATE HERE
+      server: https://YOUR_KUBERNETES_API_ENDPOINT
+    name: developer-cluster
+
+users:
+  - name: developer
+    user:
+      as-user-extra: {}
+      client-key-data: PLACE CERTIFICATE HERE
+      token: PLACE USER TOKEN HERE
+
+contexts:
+  - context:
+      cluster: kubernetes
+      namespace: developer-dev
+      user: developer
+    name: developer-dev
+
+current-context: developer-dev
+clusters:
+  - cluster:
+      certificate-authority-data: PLACE CERTIFICATE HERE
+      server: https://YOUR_KUBERNETES_API_ENDPOINT
+    name: developer-cluster
+
+users:
+  - name: developer
+    user:
+      as-user-extra: {}
+      client-key-data: PLACE CERTIFICATE HERE
+      token: PLACE USER TOKEN HERE
+
+contexts:
+  - context:
+      cluster: kubernetes
+      namespace: developer-dev
+      user: developer
+    name: developer-dev
+
+current-context: developer-dev
+```

rbac/access.yaml

@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app: developer-dev
+  name: developer-dev
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: developer
+  namespace: developer-dev
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: developer-full-access
+  namespace: developer-dev
+rules:
+  - apiGroups: ["", "extensions", "apps"]
+    resources: ["*"]
+    verbs: ["*"]
+  - apiGroups: ["batch"]
+    resources:
+      - jobs
+      - cronjobs
+    verbs: ["*"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: developer-view
+  namespace: developer-dev
+subjects:
+  - kind: ServiceAccount
+    name: developer
+    namespace: developer-dev
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: developer-full-access

sc-provider/local-path.md

@@ -0,0 +1,4 @@
+# Install Local Path
+```shell
+kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
+```