thomasklein/terraform-app-drone
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add docker runner and set runner dashboards
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Tamas Kiss
2022-11-28 20:36:44 +01:00
parent 0cff237e31
commit 0610bb40a7
6 changed files with 118 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -74,11 +74,14 @@ Version:
The following resources are used by this module:
- [gitea_oauth2_app.this](https://registry.terraform.io/providers/malarinv/gitea/latest/docs/resources/oauth2_app) (resource)
- [helm_release.drone_runner](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
- [helm_release.drone_runner_docker](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
- [helm_release.drone_runner_kube](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
- [helm_release.drone_server](https://registry.terraform.io/providers/hashicorp/helm/2.5.1/docs/resources/release) (resource)
- [kubernetes_namespace.jobs](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource)
- [kubernetes_namespace.server](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/namespace) (resource)
- [kubernetes_secret.runner_dashboard](https://registry.terraform.io/providers/hashicorp/kubernetes/2.11.0/docs/resources/secret) (resource)
- [random_password.drone_rpc_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) (resource)
- [random_password.runner_dashboard](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) (resource)
## Required Inputs

21
dashboard.tf Normal file
View File

@@ -0,0 +1,21 @@
locals {
runner_dashboard_user = "admin"
}
resource "random_password" "runner_dashboard" {
length = 30
special = false
}
resource "kubernetes_secret" "runner_dashboard" {
metadata {
name = "runner-dashboard-access"
namespace = kubernetes_namespace.server.metadata.0.name
}
data = {
username = local.runner_dashboard_user
password = random_password.runner_dashboard.result
}
type = "kubernetes.io/basic-auth"
}

6
drone.tf
View File

@@ -10,7 +10,7 @@ resource "helm_release" "drone_server" {
values = [
jsonencode({
env = {
DRONE_SERVER_HOST = local.ingress_domain
DRONE_SERVER_HOST = local.drone_domain
DRONE_SERVER_PROTO = "https"
DRONE_GITEA_SERVER = "https://${local.gitea_server}/"
}
@@ -23,11 +23,11 @@ resource "helm_release" "drone_server" {
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
"traefik.ingress.kubernetes.io/router.tls" = "true"
"traefik.ingress.kubernetes.io/router.tls.certresolver" = "acme-thomasklein-me"
"traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
"traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.drone_domain
}
hosts = [
{
host = local.ingress_domain
host = local.drone_domain
paths = [
{
path = "/"

7
locals.tf
View File

@@ -1,4 +1,7 @@
locals {
gitea_server = "git.thomasklein.me"
ingress_domain = "drone.thomasklein.me"
gitea_server = "git.thomasklein.me"
drone_domain = "drone.thomasklein.me"
runner_gc_interval = "5m"
runner_cache_size = "5G"
}

2
oauth.tf
View File

@@ -1,6 +1,6 @@
resource "gitea_oauth2_app" "this" {
name = "Drone"
redirect_uris = [
"https://drone.thomasklein.me/login",
"https://${local.drone_domain}/login",
]
}

88
runner.tf
View File

@@ -1,7 +1,70 @@
resource "helm_release" "drone_runner" {
name = "runner"
resource "helm_release" "drone_runner_docker" {
name = "runner-docker"
chart = "drone-runner-docker"
repository = "https://charts.drone.io"
version = "0.6.0"
namespace = kubernetes_namespace.server.metadata.0.name
create_namespace = false
values = [jsonencode({
serviceAccount = {
create = true
}
}),
jsonencode({
env = {
DRONE_SERVER_HOST = "https://${local.drone_domain}"
DRONE_RPC_HOST = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.cluster.local:8080"
DRONE_RPC_PROTO = "http"
DRONE_UI_USERNAME = local.runner_dashboard_user
}
}),
jsonencode({
dind = {
resources = {
requests = {
cpu = "250m"
memory = "1G"
"ephemeral-storage" = upper(local.runner_cache_size)
}
limits = {
cpu = "1"
memory = "3G"
"ephemeral-storage" = upper(local.runner_cache_size)
}
}
}
}),
jsonencode({
ingress = {
enabled = false
}
}),
jsonencode({
gc = {
enabled = true
env = {
GC_INTERVAL = local.runner_gc_interval
GC_CACHE = "${lower(local.runner_cache_size)}b"
}
}
}),
]
set_sensitive {
name = "env.DRONE_RPC_SECRET"
value = random_password.drone_rpc_secret.result
}
set_sensitive {
name = "env.DRONE_UI_PASSWORD"
value = random_password.runner_dashboard.result
}
}
resource "helm_release" "drone_runner_kube" {
name = "runner-kube"
chart = "drone-runner-kube"
repository = "https://charts.drone.io"
version = "0.1.10"
namespace = kubernetes_namespace.server.metadata.0.name
create_namespace = false
@@ -14,10 +77,23 @@ resource "helm_release" "drone_runner" {
}),
jsonencode({
env = {
DRONE_SERVER_HOST = "https://${local.ingress_domain}"
DRONE_RPC_HOST = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.cluster.local"
DRONE_SERVER_HOST = "https://${local.drone_domain}"
DRONE_RPC_HOST = "${helm_release.drone_server.name}.${helm_release.drone_server.namespace}.svc.cluster.local:8080"
DRONE_RPC_PROTO = "http"
DRONE_NAMESPACE_DEFAULT = kubernetes_namespace.jobs.metadata.0.name
DRONE_UI_USERNAME = local.runner_dashboard_user
}
}),
jsonencode({
resources = {
requests = {
cpu = "100m"
memory = "50Mi"
}
limits = {
cpu = "300m"
memory = "200Mi"
}
}
}),
jsonencode({
@@ -30,4 +106,8 @@ resource "helm_release" "drone_runner" {
name = "env.DRONE_RPC_SECRET"
value = random_password.drone_rpc_secret.result
}
set_sensitive {
name = "env.DRONE_UI_PASSWORD"
value = random_password.runner_dashboard.result
}
}