new gitops template

cluster/apps/development/drone-runner-kube/drone-runner-kube-secrets-helm-release.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: drone-kubernetes-secrets
+  namespace: development
+spec:
+  interval: 5m
+  chart:
+    spec:
+      # renovate: registryUrl=https://charts.drone.io
+      chart: drone-kubernetes-secrets
+      version: 0.1.1
+      sourceRef:
+        kind: HelmRepository
+        name: drone-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    rbac:
+      enabled: false
+    env:
+      KUBERNETES_NAMESPACE: development
+      SECRET_KEY: ${SECRET_DRONE_PLUGIN_TOKEN}

cluster/apps/development/drone-runner-kube/helm-release.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: drone-runner-kube
+  namespace: development
+spec:
+  interval: 5m
+  chart:
+    spec:
+      # renovate: registryUrl=https://charts.drone.io
+      chart: drone-runner-kube
+      version: 0.1.5
+      sourceRef:
+        kind: HelmRepository
+        name: drone-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    image:
+      repository: drone/drone-runner-kube
+      tag: 1.0.0-beta.6
+    env:
+      DRONE_RPC_SECRET: ${SECRET_DRONE_RPC_SECRET}
+      DRONE_RPC_PROTO: http
+      DRONE_SECRET_PLUGIN_TOKEN: ${SECRET_DRONE_PLUGIN_TOKEN}
+      DRONE_NAMESPACE_DEFAULT: development
+      DRONE_RPC_HOST: drone
+      DRONE_SECRET_PLUGIN_ENDPOINT: http://drone-kubernetes-secrets:3000
+    rbac:
+      buildNamespaces:
+        - development

cluster/apps/development/drone-runner-kube/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - drone-runner-kube-secrets-helm-release.yaml
+  - helm-release.yaml
+  - rbac.yaml

cluster/apps/development/drone-runner-kube/rbac.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: drone-kubernetes-secrets
+  namespace: development
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: drone-kubernetes-secrets
+  namespace: development
+subjects:
+  - kind: ServiceAccount
+    name: drone-kubernetes-secrets
+roleRef:
+  kind: Role
+  name: drone-kubernetes-secrets
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: drone-edit
+  namespace: media
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: development
+roleRef:
+  kind: ClusterRole
+  name: edit
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: drone-edit
+  namespace: data
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: development
+roleRef:
+  kind: ClusterRole
+  name: edit
+  apiGroup: rbac.authorization.k8s.io