From 4df81101ad6c2f7df6ae5a159294cfd5b90aaee2 Mon Sep 17 00:00:00 2001 From: Massaki Archambault Date: Thu, 2 Sep 2021 00:00:42 -0400 Subject: [PATCH] tweak resource requests/limits, fix drone persistence --- .../bases/drone/drone-runner-deployment.yaml | 8 +++--- .../bases/drone/drone-server-deployment.yaml | 28 ++++++++++++++++++- kustomize/bases/drone/kustomization.yaml | 1 + .../bases/nextcloud/nextcloud-deployment.yaml | 8 +++--- .../traefik/traefik-helmchartconfig.yaml | 1 + kustomize/overlays/prod/kustomization.yaml | 1 + 6 files changed, 38 insertions(+), 9 deletions(-) diff --git a/kustomize/bases/drone/drone-runner-deployment.yaml b/kustomize/bases/drone/drone-runner-deployment.yaml index fadd766..c706785 100644 --- a/kustomize/bases/drone/drone-runner-deployment.yaml +++ b/kustomize/bases/drone/drone-runner-deployment.yaml @@ -38,11 +38,11 @@ spec: containerPort: 3000 resources: requests: - cpu: 1000m - memory: 1Gi + cpu: 250m + memory: 250Mi limits: - cpu: 2000m - memory: 2Gi + cpu: 500m + memory: 500Mi --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/kustomize/bases/drone/drone-server-deployment.yaml b/kustomize/bases/drone/drone-server-deployment.yaml index 3a2684e..df2065b 100644 --- a/kustomize/bases/drone/drone-server-deployment.yaml +++ b/kustomize/bases/drone/drone-server-deployment.yaml @@ -6,6 +6,9 @@ metadata: app.kubernetes.io/name: drone app.kubernetes.io/component: server spec: + replicas: 1 + strategy: + type: Recreate selector: matchLabels: app.kubernetes.io/name: drone @@ -43,16 +46,39 @@ spec: secretKeyRef: name: drone-secret key: rpc_secret + - name: DRONE_DATABASE_SECRET + valueFrom: + secretKeyRef: + name: drone-secret + key: database_secret ports: - name: http containerPort: 80 resources: requests: - cpu: 500m + cpu: 250m memory: 250Mi limits: cpu: 500m memory: 500Mi + volumeMounts: + - mountPath: /data + name: drone-server-pv + volumes: + - name: drone-server-pv + persistentVolumeClaim: + claimName: drone-server-pvc +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: drone-server-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi --- apiVersion: v1 kind: Service diff --git a/kustomize/bases/drone/kustomization.yaml b/kustomize/bases/drone/kustomization.yaml index 570f115..4d879ae 100644 --- a/kustomize/bases/drone/kustomization.yaml +++ b/kustomize/bases/drone/kustomization.yaml @@ -8,6 +8,7 @@ secretGenerator: type: Opaque literals: - rpc_secret=changeme + - database_secret=changeme - name: drone-gitea-oauth-secret type: Opaque literals: diff --git a/kustomize/bases/nextcloud/nextcloud-deployment.yaml b/kustomize/bases/nextcloud/nextcloud-deployment.yaml index 16990be..55630ad 100644 --- a/kustomize/bases/nextcloud/nextcloud-deployment.yaml +++ b/kustomize/bases/nextcloud/nextcloud-deployment.yaml @@ -66,11 +66,11 @@ spec: containerPort: 80 resources: requests: - cpu: 750m - memory: 1Gi + cpu: 1500m + memory: 1.5Gi limits: - cpu: 1000m - memory: 1Gi + cpu: 2000m + memory: 2Gi volumeMounts: - name: nextcloud-pv mountPath: /var/www/html diff --git a/kustomize/bases/traefik/traefik-helmchartconfig.yaml b/kustomize/bases/traefik/traefik-helmchartconfig.yaml index c4fa3f0..b6bf4ef 100644 --- a/kustomize/bases/traefik/traefik-helmchartconfig.yaml +++ b/kustomize/bases/traefik/traefik-helmchartconfig.yaml @@ -6,6 +6,7 @@ spec: valuesContent: |- additionalArguments: - '--entryPoints.web.forwardedHeaders.insecure' + - '--entryPoints.websecure.forwardedHeaders.insecure' - '--serversTransport.insecureSkipVerify=true' - '--metrics.prometheus=true' ports: diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml index 5157c45..297a3ec 100644 --- a/kustomize/overlays/prod/kustomization.yaml +++ b/kustomize/overlays/prod/kustomization.yaml @@ -31,6 +31,7 @@ secretGenerator: behavior: replace literals: - rpc_secret=${ssm:/k3s/prod/drone/gitea/rpc_secret} + - database_secret=${ssm:/k3s/prod/drone/gitea/database_secret} # https://docs.drone.io/server/provider/gitea/ - name: drone-gitea-oauth-secret type: Opaque