fix(README): add note about changed chart repo

support for ephemeral storage

.drone.yml

@@ -11,36 +11,47 @@ steps:
 - name: helm lint
   commands:
   - helm lint
-  image: quay.io/helmpack/chart-testing:latest
+  image: docker.io/volkerraschek/helm:3.10.2
   resources:
     limits:
-      cpu: 50
-      memory: 50M
+      cpu: 150
+      memory: 150M
 
 - name: markdown lint
   commands:
   - markdownlint *.md
-  image: docker.io/tmknom/markdownlint:0.23.1
+  image: docker.io/volkerraschek/markdownlint:0.32.2
   resources:
     limits:
-      cpu: 50
-      memory: 50M
+      cpu: 150
+      memory: 150M
+
+- name: helm template
+  commands:
+  - helm template .
+  image: docker.io/volkerraschek/helm:3.10.2
+  resources:
+    limits:
+      cpu: 150
+      memory: 150M
 
 - name: email-notification
   environment:
-    PLUGIN_HOST:
+    SMTP_FROM_ADDRESS:
+      from_secret: smtp_from_address
+    SMTP_FROM_NAME:
+      from_secret: smtp_from_name
+    SMTP_HOST:
       from_secret: smtp_host
-    PLUGIN_USERNAME:
+    SMTP_USERNAME:
       from_secret: smtp_username
-    PLUGIN_PASSWORD:
+    SMTP_PASSWORD:
       from_secret: smtp_password
-    PLUGIN_FROM:
-      from_secret: smtp_mail_address
-  image: docker.io/drillster/drone-email:latest
+  image: docker.io/volkerraschek/drone-email:0.1.1
   resources:
     limits:
-      cpu: 50
-      memory: 25M
+      cpu: 150
+      memory: 150M
   when:
     status:
     - changed
@@ -54,48 +65,30 @@ trigger:
 ---
 kind: pipeline
 type: kubernetes
-name: sync
+name: release
 
 platform:
   os: linux
-  arch: amd64
 
 steps:
-- name: github
-  image: docker.io/appleboy/drone-git-push:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 25M
-  settings:
-    branch: master
-    remote: ssh://git@github.com/volker-raschek/drone-charts.git
-    force: true
-    ssh_key:
-      from_secret: ssh_key
-
-- name: email-notification
+- name: release-helm-chart
+  commands:
+  - helm repo add drone https://charts.cryptic.systems/drone
+  - helm package --version ${DRONE_TAG} .
+  - helm cm-push ${DRONE_REPO_NAME%-charts}-${DRONE_TAG}.tgz drone
   environment:
-    PLUGIN_HOST:
-      from_secret: smtp_host
-    PLUGIN_USERNAME:
-      from_secret: smtp_username
-    PLUGIN_PASSWORD:
-      from_secret: smtp_password
-    PLUGIN_FROM:
-      from_secret: smtp_mail_address
-  image: docker.io/drillster/drone-email:latest
+    HELM_REPO_PASSWORD:
+      from_secret: helm_repo_password
+    HELM_REPO_USERNAME:
+      from_secret: helm_repo_username
+  image: docker.io/volkerraschek/helm:3.10.2
   resources:
     limits:
-      cpu: 50
-      memory: 25M
-  when:
-    status:
-    - changed
-    - failure
+      cpu: 150
+      memory: 150M
 
 trigger:
   event:
-  - push
+  - tag
   repo:
   - volker.raschek/drone-charts

.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false

.gitignore

@@ -1 +1,3 @@
-runner
+*.tgz
+values2.yml
+values2.yaml

.helmignore

@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# drone
+.drone.yml
+# markdownlint
+.markdownlint.yaml
+# customized values
+values2.yml
+values2.yaml
+# helm packages
+*.tgz

Chart.yaml

@@ -2,18 +2,20 @@ apiVersion: v2
 name: drone
 description: Drone Helm chart for Kubernetes
 type: application
-version: 0.1.0
-appVersion: 2.0.4
+version: "0.7.1"
+appVersion: "2.15.0"
 icon: https://readme.drone.io/logo.svg
 
 keywords:
-- git
+- continuous-delivery
+- continuous-deployment
+- continuous-integration
 - drone
 - drone-runner
-- ci
-- cd
+- git
+
 sources:
-- https://git.cryptic.systems/volker.raschek/drone-charts
+- https://github.com/volker-raschek/drone-charts
 - https://github.com/drone/drone
 - https://hub.docker.com/r/drone/drone
 

README.md

@@ -1,26 +1,39 @@
 # drone-charts
 
 [![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/drone-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/drone-charts)
-[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/drone-ce)](https://artifacthub.io/packages/search?repo=drone-ce)
 
 This is an inofficial helm chart for [drone](https://github.com/drone/drone) and
-should replace the official unmainted helm chart
-[repository](https://github.com/drone/charts). The official does not support
-version `v2` of drone.
+was created because the official helmet chart was not maintained for a long
+time - [Issue](https://github.com/drone/charts/issues/46).
 
-This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and
-can be installed via helm.
+This helm chart is maintained by contributors and myself. It is listed on
+[artifacthub.io](https://artifacthub.io/) and can be installed via helm:
+
+> The repository has been changed and causes error messages when interacting
+> with the old repository definition. Please remove the chart repo
+> `volker.raschek` and replace it with `drone`.
 
 ```bash
-helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek
-helm install drone volker.raschek/drone
+helm repo add drone https://charts.cryptic.systems/drone
+helm install drone drone/drone
 ```
 
 ## Customization
 
 All [configuration options](https://docs.drone.io/server/reference/) can be
 defined in the `values.yml` file below the `config` section. Alternatively can
-be the options passed via the `--set` flag of the `helm install` command.
+be the options passed via the `--set` flag of the `helm install` command. For
+example:
+
+```bash
+helm install drone drone/drone \
+  --set config.DRONE_RPC_SECRET-${DRONE_RPC_SECRET} \
+  --set config.DRONE_GITHUB_CLIENT_ID=${DRONE_GITHUB_CLIENT_ID} \
+  --set config.DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET}
+```
+
+### List of config options
 
 | value                                                   | reference                                                                                 |
 | ------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
@@ -41,6 +54,7 @@ be the options passed via the `--set` flag of the `helm install` command.
 | `config.DRONE_CRON_INTERVAL`                            | [Documentation](https://docs.drone.io/server/reference/drone-cron-interval)               |
 | `config.DRONE_DATABASE_DATASOURCE`                      | [Documentation](https://docs.drone.io/server/reference/drone-database-datasource)         |
 | `config.DRONE_DATABASE_DRIVER`                          | [Documentation](https://docs.drone.io/server/reference/drone-database-driver)             |
+| `config.DRONE_DATABASE_MAX_CONNECTIONS`                 | [Documentation](https://docs.drone.io/server/reference/drone_database-max-connections)    |
 | `config.DRONE_DATABASE_SECRET`                          | [Documentation](https://docs.drone.io/server/reference/drone-database-secret)             |
 | `config.DRONE_GIT_ALWAYS_AUTH`                          | [Documentation](https://docs.drone.io/server/reference/drone-git-always-auth)             |
 | `config.DRONE_GIT_PASSWORD`                             | [Documentation](https://docs.drone.io/server/reference/drone-git-password)                |
@@ -48,6 +62,11 @@ be the options passed via the `--set` flag of the `helm install` command.
 | `config.DRONE_GITEA_CLIENT_ID`                          | [Documentation](https://docs.drone.io/server/reference/drone-gitea-client-id)             |
 | `config.DRONE_GITEA_CLIENT_SECRET`                      | [Documentation](https://docs.drone.io/server/reference/drone-gitea-client-secret)         |
 | `config.DRONE_GITEA_SERVER`                             | [Documentation](https://docs.drone.io/server/reference/drone-gitea-server)                |
+| `config.DRONE_GITEA_SKIP_VERIFY`                        | [Documentation](https://docs.drone.io/server/reference/drone-gitea-skip-verify)           |
+| `config.DRONE_GITEE_REDIRECT_URL`                       | [Documentation](https://docs.drone.io/server/reference/drone-gitee-redirect-url)          |
+| `config.DRONE_GITEE_SCOPE`                              | [Documentation](https://docs.drone.io/server/reference/drone-gitee-scope)                 |
+| `config.DRONE_GITEE_SKIP_VERIFY`                        | [Documentation](https://docs.drone.io/server/reference/drone-gitee-skip-verify)           |
+| `config.DRONE_GITHUB_CLIENT_ID`                         | [Documentation](https://docs.drone.io/server/reference/drone-github-client-id)            |
 | `config.DRONE_GITHUB_CLIENT_SECRET`                     | [Documentation](https://docs.drone.io/server/reference/drone-github-client-secret)        |
 | `config.DRONE_GITHUB_SCOPE`                             | [Documentation](https://docs.drone.io/server/reference/drone-github-scope)                |
 | `config.DRONE_GITHUB_SERVER`                            | [Documentation](https://docs.drone.io/server/reference/drone-github-server)               |
@@ -77,6 +96,7 @@ be the options passed via the `--set` flag of the `helm install` command.
 | `config.DRONE_SERVER_PROXY_HOST`                        | [Documentation](https://docs.drone.io/server/reference/drone-server-proxy-host)           |
 | `config.DRONE_SERVER_PROXY_PROTO`                       | [Documentation](https://docs.drone.io/server/reference/drone-server-proxy-proto)          |
 | `config.DRONE_STARLARK_ENABLED`                         | [Documentation](https://docs.drone.io/server/reference/drone-starlark-enabled)            |
+| `config.DRONE_STARLARK_STEP_LIMIT`                      | [Documentation](https://docs.drone.io/server/reference/drone-starlark-step-limit)         |
 | `config.DRONE_STASH_CONSUMER_KEY`                       | [Documentation](https://docs.drone.io/server/reference/drone-stash-consumer-key)          |
 | `config.DRONE_STASH_PRIVATE_KEY`                        | [Documentation](https://docs.drone.io/server/reference/drone-stash-private-key)           |
 | `config.DRONE_STASH_SERVER`                             | [Documentation](https://docs.drone.io/server/reference/drone-stash-server)                |
@@ -87,6 +107,7 @@ be the options passed via the `--set` flag of the `helm install` command.
 | `config.DRONE_TLS_CERT`                                 | [Documentation](https://docs.drone.io/server/reference/drone-tls-cert)                    |
 | `config.DRONE_TLS_KEY`                                  | [Documentation](https://docs.drone.io/server/reference/drone-tls-key)                     |
 | `config.DRONE_USER_CREATE`                              | [Documentation](https://docs.drone.io/server/reference/drone-user-create)                 |
+| `config.DRONE_USER_FILTER`                              | [Documentation](https://docs.drone.io/server/reference/drone-user-filter)                 |
 | `config.DRONE_VALIDATE_PLUGIN_ENDPOINT`                 | [Documentation](https://docs.drone.io/server/reference/drone-validate-plugin-endpoint)    |
 | `config.DRONE_VALIDATE_PLUGIN_SECRET`                   | [Documentation](https://docs.drone.io/server/reference/drone-validate-plugin-secret)      |
 | `config.DRONE_VALIDATE_PLUGIN_SKIP_VERIFY`              | [Documentation](https://docs.drone.io/server/reference/drone-validate-plugin-skip-verify) |
@@ -97,8 +118,7 @@ be the options passed via the `--set` flag of the `helm install` command.
 
 ## Missing features
 
-1. Add Persistent Volume for the SQLite database
-2. Support postgres, maria and mysql database directly as helm dependency if as
+1. Support postgres, maria and mysql database directly as helm dependency if as
    `DATABASE_DRIVER` an other instead of `sqlite` has been selected.
    Alternatively can be passed a completely custom string to establish a
    database connection, when the database is running outside the cluster.

renovate.json

@@ -0,0 +1,37 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "automergeStrategy": "merge-commit",
+  "automergeType": "pr",
+  "assignees": [ "volker.raschek" ],
+  "labels": [ "renovate" ],
+  "packageRules": [
+    {
+      "addLabels": [ "renovate/drone", "renovate/automerge" ],
+      "automerge": true,
+      "matchManagers": "droneci",
+      "matchUpdateTypes": [ "minor", "patch"]
+    },
+    {
+      "addLabels": [ "renovate/drone", "renovate/automerge" ],
+      "automerge": false,
+      "matchPackageNames": [ "drone" ],
+      "matchManagers": [ "regex" ]
+    }
+  ],
+  "rebaseLabel": "renovate/rebase",
+  "rebaseWhen": "behind-base-branch",
+  "regexManagers": [
+    {
+      "description": "Update container image reference",
+      "fileMatch": [
+        "^Chart\\.yaml$"
+      ],
+      "matchStrings": [
+        "appVersion: \"(?<currentValue>.*?)\"\\s+"
+      ],
+      "datasourceTemplate": "docker",
+      "depNameTemplate": "drone",
+      "lookupNameTemplate": "docker.io/drone/drone"
+    }
+  ]
+}

templates/deployment.yaml

@@ -17,12 +17,6 @@ spec:
       labels:
         {{- include "drone.selectorLabels" . | nindent 8 }}
     spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
           envFrom:
@@ -32,20 +26,81 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          livenessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /healthz
+              port: http
           ports:
-            - name: http
-              containerPort: 80
-              protocol: TCP
-
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+          - name: http
+            containerPort: 80
+            protocol: TCP
+          - name: https
+            containerPort: 443
+            protocol: TCP
+          readinessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /healthz
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{- if .Values.config.DRONE_DATABASE_DRIVER | default "sqlite3" | eq "sqlite3" }}
+          volumeMounts:
+          - name: data
+            mountPath: {{ default "/data/database.sqlite" .Values.config.DRONE_DATABASE_DATASOURCE | dir }}
+          {{- with .Values.extraVolumeMounts }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          {{- else }}
+          {{- with .Values.extraVolumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          {{- end }}
       {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.podPriorityClassName }}
+      priorityClassName: {{ .Values.podPriorityClassName }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      serviceAccountName: {{ include "drone.fullname" . }}
       {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if and (.Values.config.DRONE_DATABASE_DRIVER | default "sqlite3" | eq "sqlite3") .Values.persistence.existingClaim }}
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+      {{- with .Values.persistence.existingClaim }}
+          claimName: {{ tpl . $ }}
+      {{- end }}
+      {{- with .Values.extraVolumes }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- else if and (.Values.config.DRONE_DATABASE_DRIVER | default "sqlite3" | eq "sqlite3") (not .Values.persistence.existingClaim) }}
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: {{ include "drone.fullname" . }}
+      {{- with .Values.extraVolumes }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- else }}
+      {{- with .Values.extraVolumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}

templates/persistentVolumeClaim.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.persistence.enabled -}}
+{{ if and (.Values.config.DRONE_DATABASE_DRIVER | default "sqlite3" | eq "sqlite3") (not .Values.persistence.existingClaim) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "drone.fullname" . }}
+spec:
+  accessModes:
+  {{- range .Values.persistence.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+  {{- if .Values.persistence.storageClass }}
+  storageClassName: {{ .Values.persistence.storageClass | quote }}
+  {{- end }}
+{{- end }}
+{{- end -}}

templates/service.yaml

@@ -1,15 +1,36 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "drone.fullname" . }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   labels:
     {{- include "drone.labels" . | nindent 4 }}
+  name: {{ include "drone.fullname" . }}
 spec:
+  {{- with .Values.service.externalIPs }}
+  externalIPs:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  {{- if .Values.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  {{- end }}
+  {{- if and .Values.service.loadBalancerClass (eq .Values.service.type "LoadBalancer") }}
+  loadBalancerClass: {{ .Values.service.loadBalancerClass }}
+  {{- end }}
+  {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  {{- with .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}
-      targetPort: http
+      targetPort: {{ .Values.service.targetPort }}
       protocol: TCP
-      name: http
+      name: {{ .Values.service.name }}
   selector:
     {{- include "drone.selectorLabels" . | nindent 4 }}

templates/serviceAccount.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "drone.labels" . | nindent 4 }}
+  name: {{ include "drone.fullname" . }}

values.yaml

@@ -2,8 +2,6 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-replicaCount: 1
-
 image:
   repository: docker.io/drone/drone
   pullPolicy: IfNotPresent
@@ -16,6 +14,8 @@ fullnameOverride: ""
 
 podAnnotations: {}
 
+podPriorityClassName: ""
+
 podSecurityContext: {}
   # fsGroup: 2000
 
@@ -27,7 +27,7 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
-config:
+config: {}
   # DRONE_BITBUCKET_CLIENT_ID
   # String value. Configures the Bitbucket OAuth client id. This is used to
   # authorize access to Bitbucket on behalf of a Drone user.
@@ -134,6 +134,13 @@ config:
   # https://docs.drone.io/server/reference/drone-database-driver/
   # DRONE_DATABASE_DRIVER: ""
 
+  # DRONE_DATABASE_MAX_CONNECTIONS
+  # Optional numeric value. Set the maximum number of open DB connections from
+  # Drone. It is set to 0 by default and must be configured before the system is
+  # first used.
+  # https://docs.drone.io/server/reference/drone-database-max-connections/
+  # DRONE_DATABASE_MAX_CONNECTIONS: ""
+
   # DRONE_DATABASE_SECRET
   # Optional string value. Configures the secret key used to encrypt secrets in
   # the database. Encryption is disabled by default and must be configured
@@ -177,6 +184,34 @@ config:
   # https://docs.drone.io/server/reference/drone-gitea-server/
   # DRONE_GITEA_SERVER: ""
 
+  # DRONE_GITEA_SKIP_VERIFY
+  # Boolean value disables tls verification when establishing a connection to
+  # the remote Gitea server.
+  # https://docs.drone.io/server/reference/drone-gitea-skip-verify/
+  # DRONE_GITEA_SKIP_VERIFY: ""
+
+  # DRONE_GITEE_REDIRECT_URL
+  # String value configures the Gitee OAuth authorize redirect url.
+  # https://docs.drone.io/server/reference/drone-gitee-redirect-url/
+  # DRONE_GITEE_REDIRECT_URL: ""
+
+  # DRONE_GITEE_SCOPE
+  # String value provides a comma-separated list of OAuth scopes.
+  # https://docs.drone.io/server/reference/drone-gitee-scope/
+  # DRONE_GITEE_SCOPE: ""
+
+  # DRONE_GITEE_SKIP_VERIFY
+  # Boolean value disables TLS verification when establishing a connection to
+  # the remote Gitee server.
+  # https://docs.drone.io/server/reference/drone-gitee-skip-verify/
+  # DRONE_GITEE_SKIP_VERIFY: ""
+
+  # DRONE_GITHUB_CLIENT_ID
+  # String value configures the GitHub OAuth client id. This is used to
+  # authorize access to GitHub on behalf of a Drone user.
+  # https://docs.drone.io/server/reference/drone-github-client-id/
+  # DRONE_GITHUB_CLIENT_ID: ""
+
   # DRONE_GITHUB_CLIENT_SECRET
   # String value configures the GitHub oauth client secret. This is used to
   # authorize access to GitHub on behalf of a Drone user.
@@ -364,6 +399,13 @@ config:
   # https://docs.drone.io/server/reference/drone-starlark-enabled/
   # DRONE_STARLARK_ENABLED: ""
 
+  # DRONE_STARLARK_STEP_LIMIT
+  # Integer value. Sets the maximum number of steps that a starlark
+  # configuration can generate. The default is 50000. This feature requires
+  # Drone server version 2.2.1 or higher.
+  # https://docs.drone.io/server/reference/drone-starlark-step-limit/
+  # DRONE_STARLARK_STEP_LIMIT: ""
+
   # DRONE_STASH_CONSUMER_KEY
   # String value configures your Bitbucket Server consumer key.
   # https://docs.drone.io/server/reference/drone-stash-consumer-key/
@@ -429,6 +471,13 @@ config:
   # https://docs.drone.io/server/reference/drone-user-create/
   # DRONE_USER_CREATE: ""
 
+  # DRONE_USER_FILTER
+  # Optional comma-separated list of accounts. Registration is limited to users
+  # in this list, or users that are members of organizations included in this
+  # list.
+  # https://docs.drone.io/server/reference/drone-user-filter/
+  # DRONE_USER_FILTER: ""
+
   # DRONE_VALIDATE_PLUGIN_ENDPOINT
   # String value configures the endpoint for the validation plugin, used to
   # enforce custom linting rules for your pipeline configuration.
@@ -471,7 +520,19 @@ config:
   # https://docs.drone.io/server/reference/drone-webhook-skip-verify/
   # DRONE_WEBHOOK_SKIP_VERIFY: ""
 
+serviceAccount:
+  annotations: {}
+
 service:
+  annotations: {}
+  # externalIPs: []
+  # externalTrafficPolicy: "Cluster"
+  # loadBalancerClass: ""
+  # loadBalancerIP: ""
+  # loadBalancerSourceRanges: []
+  # internalTrafficPolicy: "Cluster"
+  name: http
+  targetPort: 80
   type: ClusterIP
   port: 80
 
@@ -479,16 +540,18 @@ ingress:
   enabled: false
   className: "nginx"
   annotations:
-    # cert-manager.io/issuer: letsencrypt
+    # kubernetes.io/ingress.class: nginx
+    # cert-manager.io/issuer:
+    # kubernetes.io/tls-acme: "true"
   hosts:
-  - host: "your-hostname"
-    paths:
-    - path: /
-      pathType: ImplementationSpecific
+    - host: "your-hostname"
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
   tls:
-  - secretName: "your-tls-secret"
-    hosts:
-    - "your-hostname"
+    - secretName: "your-tls-secret"
+      hosts:
+        - "your-hostname"
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -507,3 +570,47 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+# persistence is only required when config.DATABASE_DRIVER is sqlite3 or
+# undefined.
+persistence:
+  enabled: true
+  annotation: {}
+  # existingClaim:
+  size: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  labels: {}
+  # storageClass:
+
+# extra volumes for the pod
+extraVolumes: {}
+# The following example mount the same secret, which contains tls certificates
+# under different names. Each volume mount contains only selected items of the
+# secret. This make it easier to place the items on different locations inside the
+# container filesystem via extraVolumeMounts.
+# - name: custom-ca-anchor
+#   secret:
+#     secretName: drone-custom-tls-certificates
+#     items:
+#     - key: ca.crt
+#       path: ca.crt
+#       mode: 0444
+# - name: custom-tls-certificates
+#   secret:
+#     secretName: drone-custom-tls-certificates
+#     items:
+#     - key: tls.key
+#       path: tls.key
+#       mode: 0400
+#     - key: tls.crt
+#       path: tls.crt
+#       mode: 0444
+
+extraVolumeMounts: {}
+# The following example follows the example of extraVolumes and mounts the
+# volumes to the corresponding paths in the container filesystem.
+# - name: custom-ca-anchor
+#   mountPath: /usr/local/share/ca-certificates
+# - name: custom-tls-certificates
+#   mountPath: /etc/drone/tls