so glad that 1.0.0 and 1.1.0 had released. I tired to enable the k8s external secrets feature in my project but not work with the version 1.0.0-rc.6 / 1.0.0 / 1.1.0, please let me know if I missed something.
deploy.yaml
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: drone-rbac
subjects:
- kind: ServiceAccount
name: default
namespace: cd
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
namespace: cd
labels:
app: drone-server
spec:
replicas: 1
selector:
matchLabels:
app: drone-server
template:
metadata:
labels:
app: drone-server
spec:
containers:
- name: drone-secrets
image: drone/kubernetes-secrets:latest
imagePullPolicy: Always
env:
- name: SECRET_KEY
value: 558f3eacbfd5928157cbfe34823ab921
ports:
- name: http
containerPort: 3000
- name: drone-server
image: drone/drone:1.1.0
imagePullPolicy: Always
env:
- name: DRONE_KUBERNETES_ENABLED
value: "true"
- name: DRONE_KUBERNETES_NAMESPACE
value: cd
- name: DRONE_GITLAB_CLIENT_ID
value: dabde6f82c009320483267cf565e32a1ec82318310ced47fa6574eee0bccfa5f
- name: DRONE_GITLAB_SERVER
value: http://gitlab.your.com
- name: DRONE_GITLAB_CLIENT_SECRET
value: b9cf0f5c4206a1c19fbfec40c84056e3a5e6432a71450866fc7f345bc2642664
- name: DRONE_SERVER_HOST
value: drone.your.com
- name: DRONE_SERVER_PROTO
value: http
- name: DRONE_DATABASE_DRIVER
value: sqlite3
- name: DRONE_DATABASE_DATASOURCE
value: "/drone/drone.sqlite"
- name: DRONE_USER_CREATE
value: username:huangkaibin,admin:true
- name: DRONE_SECRET_SECRET
value: 558f3eacbfd5928157cbfe34823ab921
- name: DRONE_SECRET_ENDPOINT
value: http://localhost:3000
- name: DRONE_RPC_SECRET
value: 5bRDQ5YI8krbKoYGy7K330Ow
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
volumeMounts:
- name: drone-pvc
mountPath: "/drone"
volumes:
- name: drone-pvc
persistentVolumeClaim:
claimName: drone-pvc
restartPolicy: Always
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: drone-pvc
namespace: cd
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storageClassName: standard
---
kind: Service
apiVersion: v1
metadata:
name: drone-server-service
namespace: cd
spec:
selector:
app: drone-server
ports:
- protocol: TCP
port: 80
name: http
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: drone-ingress
namespace: cd
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
spec:
rules:
- host: drone.your.com
http:
paths:
- path: /
backend:
serviceName: drone-server-service
servicePort: 80
k8s secret
---
apiVersion: v1
kind: Secret
type: Opaque
data:
DOCKER_PASSWORD: MTIzMTIzYWJjCg==
password: MTIzMTIzYWJjCg==
username: MjQwNzMyNjQzQHFxLmNvbQo=
metadata:
name: drone-secrets
namespace: cd
.drone.yml
---
kind: pipeline
name: deploy
steps:
- name: print-env
image: plugins/docker
environment:
username:
from_secret: username
password:
from_secret: password
commands:
- echo $username
- echo $password
---
kind: secret
name: username
get:
path: drone-secrets
name: username
---
kind: secret
name: password
get:
path: drone-secrets
name: password
log is blank.
+ echo $username
+ echo $password
thx in advanced.