add drone quanxian

drone/README.md

@@ -83,3 +83,7 @@ Drone外部访问配置：
 - 需要先在Gitea中配置OAuth应用
 - 所有服务都运行在 `default` 命名空间
 - 使用相同的TLS证书确保HTTPS访问
+
+
+在Gitea中提交代码
+在drone中点击同步

drone/drone-pipeline-serviceaccount.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: drone-pipeline
+  namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: drone-pipeline
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "deployments", "replicasets", "secrets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "replicasets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: drone-pipeline
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: drone-pipeline
+subjects:
+- kind: ServiceAccount
+  name: drone-pipeline
+  namespace: default

drone/drone-runner-deployment.yaml

@@ -13,6 +13,7 @@ spec:
       labels:
         app: drone-runner
     spec:
+      serviceAccountName: drone-pipeline
       nodeSelector:
         node-role.kubernetes.io/control-plane: "true"
       containers:

drone/install-drone.sh

@@ -1,7 +1,12 @@
 #!/bin/bash
 echo "开始安装 Drone..."
 
+# 创建必要的目录
+echo "创建Drone数据目录..."
+ssh -i ~/.ssh/id_rsa_newinstall -p 2222 th@47.117.247.14 "sudo mkdir -p /opt/drone/data && sudo chown -R 1000:1000 /opt/drone"
+
 # 应用所有yaml文件
+kubectl apply -f drone-pipeline-serviceaccount.yaml
 kubectl apply -f drone-server-deployment.yaml
 kubectl apply -f drone-server-service.yaml
 kubectl apply -f drone-runner-deployment.yaml